Send mail to jif-users-l-request@cornell.edu with a subject line of join . Or turn on JavaScript to see the sign-up form.

Jif is a security-typed programming language that extends Java with support for information flow control and access control, enforced at both compile time and run time. The source code for the Jif compiler and run-time system is available for download. Jif is written in Java and is built using the Polyglot extensible Java compiler framework.

Static information flow control can protect the confidentiality and integrity of information manipulated by computing systems. The compiler tracks the correspondence between information the policies that restrict its use, enforcing security properties end-to-end within the system. After checking information flow within Jif programs, the Jif compiler translates them to Java programs and uses an ordinary Java compiler to produce secure executable programs.

Jif extends Java by adding labels that express restrictions on how information may be used. For example, the following variable declaration declares not only that the variable x is an int , but also that the information in x is governed by a security policy:

int {Alice→Bob} x;

In this case, the security policy says that the information in x is controlled by the principal Alice, and that Alice permits this information to be seen by the principal Bob. The policy {Alice←Bob} means that information is owned by Alice, and that Alice permits it to be affected by Bob. Based on label annotations like these, the Jif compiler analyzes information flows within programs, to determine whether they enforce the confidentiality and integrity of information.

Other systems that provide related functionality are the Flow Caml and SPARK/Ada languages. Jif provides richer support for tying security requirements to programs, with important features like selective, robust downgrading, language-based access control, and dynamic labels and principals. These features are crucial for language-based reasoning about security in complex applications.

Jif IDE is an Eclipse IDE plug-in for Jif, built using the Polyglot IDE framework. Jifclipse is another Eclipse-based IDE for Jif developed at Penn State. It tends not to support the latest version of Jif, however.