The synchronous reactive data flow language LUSTRE is an expressive language, equipped with a suite of tools for modelling, simulating and model-checking a wide variety of safety-critical systems. A critical intermediate step in the formally certified compilation of LUSTRE involves translation to a well-behaved sub-language called "Normalised LUSTRE" (NLUSTRE). Recently, we proposed a simple Denning-style lattice-based secure information flow type system for NLUSTRE, and proved its soundness by establishing that security-typed programs are non-interfering with respect to the co-inductive stream semantics. In this paper, we propose a similar security type system for unrestricted LUSTRE, and show that Bourke et al.'s semantics-preserving normalisation transformations from LUSTRE to NLUSTRE are security-preserving as well. A novelty is the use of refinement security types for node calls. The main result is the preservation of security types by the normalisation transformations. The soundness of our security typing rules is shown by establishing that well-security-typed programs are non-interfering, via a reduction to type-preservation (here), semantics-preservation (Bourke et al.) and our previous result of non-interference for NLUSTRE.

中文翻译：

---

标准化光泽可保留安全性

同步反应数据流语言LUSTER是一种表达性语言，配备了一套工具，用于对各种安全关键型系统进行建模，仿真和模型检查。在经过正式认证的LUSTER编译中，关键的中间步骤涉及翻译成行为良好的子语言，称为“ Normalized LUSTRE”（NLUSTRE）。最近，我们为NLUSTRE提出了一个简单的基于Denning样式的基于格的安全信息流类型系统，并通过建立安全类型的程序相对于共归流语义无干扰的方式证明了其合理性。在本文中，我们为不受限制的LUSTRE提出了一个类似的安全类型系统，并表明Bourke等人的从LUSTER到NLUSTRE的保留语义的规范化转换同样也保留了安全性。一种新颖性是将精炼安全性类型用于节点调用。主要结果是通过规范化转换来保留安全类型。通过减少类型保留（此处），语义保留（Bourke等人）以及我们先前的非保留结果，可以证明安全类型良好的程序是无干扰的，从而表明了我们安全类型规则的合理性。对NLUSTRE的干扰。