Filament: Denning-Style Information Flow Control for Rust
[Submitted on 15 Apr 2026]
Jeffrey C. Ching, Quan Zhou, Danfeng Zhang
Existing language-based information-flow control (IFC) tools face a fundamental tension: Denning-style systems that track explicit and implicit flows at the variable level typically require compiler modifications, while more coarse-grained approaches, including recent work Cocoon, avoid compiler changes but impose more restrictive programming models. We present Filament, a Denning-style static IFC library for Rust that requires no compiler modifications. Filament addresses three key challenges in building a practical IFC library for Rust. First, it enables fine-grained explicit-flow checking with minimal annotation overhead by leveraging Rust's type inference. Second, it introduces pc_block!, a lightweight construct for enforcing implicit flows via a compile-time program counter label, without requiring compiler support. Third, it provides fcall! and mcall! macros to support seamless and safe interoperability with standard and third-party libraries. Our evaluation shows that Filament incurs negligible compile-time overhead and requires only modest annotations. Moreover, compared to Cocoon, Filament offers a more permissive programming model, reducing the need for frequent escape hatches that bypass security checks.
Subjects: Programming Languages (cs.PL); Cryptography and Security (cs.CR)
Cite as: arXiv:2604.14357 [cs.PL]
(or arXiv:2604.14357v1 [cs.PL] for this version)
https://doi.org/10.48550/arXiv.2604.14357
Submission history
From: Jeffrey Ching
[v1] Wed, 15 Apr 2026 19:19:05 UTC (129 KB)