Information Flow Control — Overview
Intentionally limited
Sigil’s IFC system (spec: 11_IFC.csl) has a full formal lattice algebra. This KB page covers the concept and usage only. The full lattice specification and declassification operator internals are not published here.
What IFC is
Information Flow Control is a type-level mechanism that tracks the security level of data and enforces that high-security data does not flow into low-security outputs without explicit declassification.
In Sigil’s context, IFC is used to:
- Ensure GPU shader outputs don’t contain host-side secrets
- Track data provenance in pipelines that mix trusted and untrusted inputs
- Enforce that sensor data labeled as private doesn’t appear in public-facing outputs
High-level usage
// Tag a value as high-security
let secret_key: f32<High> = get_api_key();

// Attempting to use it in a low-security context is a compile error:
// let output: f32<Low> = secret_key; // ERROR: information flow violation

// Declassification requires an explicit, auditable operation:
let declassified = declassify(secret_key, DeclassifyCapability);

The full lattice algebra that determines when information flow is permitted is not documented here. If you need the full IFC spec for a security analysis, contact the project maintainers.
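To make the usage above concrete, here is an added example (illustrative code written for this page, not Sigil's implementation) of the same two-level lattice encoded with Rust phantom types: Low data may flow into High computations, a High value cannot be assigned to a Low slot or reach a public sink, and the only way down is `declassify`, gated on a `DeclassifyCapability`. The capability's audit log and the `reason` argument are assumptions made here; the snippet's `declassify` and `DeclassifyCapability` names are reused, the rest is hypothetical.

```rust
// Added example, not Sigil's code: a two-level lattice (High above Low) encoded as
// phantom types, so a High -> Low flow fails to compile and the only way down is
// declassify(). The audit log and `reason` argument are assumptions for illustration.
use std::cell::RefCell;
use std::marker::PhantomData;
pub struct High;
pub struct Low;
/// A value whose security label is part of its type.
pub struct Labeled<T, L> {
    value: T,
    _label: PhantomData<L>,
}
impl<T, L> Labeled<T, L> {
    pub fn new(value: T) -> Self {
        Labeled { value, _label: PhantomData }
    }
    /// Computation keeps the label: a result is at least as secret as its input.
    pub fn map<U>(self, f: impl FnOnce(T) -> U) -> Labeled<U, L> {
        Labeled::new(f(self.value))
    }
}
impl<T> Labeled<T, Low> {
    /// Only Low data may reach a public sink (shader output, log, network).
    pub fn into_public(self) -> T {
        self.value
    }
}
impl<T> Labeled<T, High> {
    /// Mixing High with Low data is labeled High (the lattice join); Low -> High is free.
    pub fn join<U>(self, low: Labeled<U, Low>) -> Labeled<(T, U), High> {
        Labeled::new((self.value, low.value))
    }
}
/// Capability that authorises declassification; every use is recorded for audit.
#[derive(Default)]
pub struct DeclassifyCapability {
    audit_log: RefCell<Vec<String>>,
}
impl DeclassifyCapability {
    pub fn audit_log(&self) -> Vec<String> {
        self.audit_log.borrow().clone()
    }
}
/// The only path down the lattice: explicit, capability-gated and logged.
pub fn declassify<T>(v: Labeled<T, High>, cap: &DeclassifyCapability, reason: &str) -> Labeled<T, Low> {
    cap.audit_log.borrow_mut().push(reason.to_string());
    Labeled::new(v.value)
}
// let leak: Labeled<f32, Low> = Labeled::<f32, High>::new(1.0); // ERROR: mismatched types
```

A public sink can only consume `Labeled<_, Low>`, so any High-derived value must pass through `declassify` first, leaving a record of who released what and why.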