Information Security Modeling and Analysis

The question of how best to model and analyze systems with information security requirements has been of interest to the Rockwell Collins Advanced Technology Center since the beginning of the AAMP7G certification effort [Wilding et al. (in press) Design and verification of microprocessor systems for high-assurance applications]. Of particular interest are techniques that are amenable to automated formal reasoning, especially in a generic theorem proving or model checking context. In this chapter, we document research results that pertain to the GWV class of information flow theorems [Greve et al. (2003) Proceedings of ACL2’03; Greve et al. (2005) Proceedings of SSTC 2005]. We provide a mathematical underpinning for the theorems, explore some of their properties, demonstrate their application to selected examples, and describe their evolutionary history. We conclude by establishing a connection between our models of information flow and the classical notion of noninterference originally proposed by Goguen and Meseguer [Proceedings of the 1982 IEEE symposium on security and privacy (1982)].
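The abstract names two notions it relates: the GWV separation property and Goguen-Meseguer noninterference. The following Python is an added illustration, not code from the chapter or from the AAMP7G effort, of what each check looks like on a toy partitioned machine. Everything in it is our own assumption: three partitions A, B and C, each owning one single-bit memory segment; a `DIA` ("direct interaction allowed") policy saying which segments a segment's next value may depend on; a "kernel" that lets the running partition rewrite only its own segment; and a brute-force check, since the state space has only eight states. The GWV-style check asks, for every segment, whether two states that agree on that segment's allowed inputs still agree on it after one step. The noninterference check runs short action sequences and purges the steps of partitions that may not influence the observer, in the Goguen-Meseguer style, comparing the observer's segment afterwards. A second kernel in which C silently reads B shows how each check reports the leak.

```python
# Added example (not from the chapter): a toy partitioned machine, a brute-force
# GWV-style separation check, and a purge-based noninterference check in the
# Goguen-Meseguer style. All names, the policy and the kernels are assumptions.
from itertools import product

SEGMENTS = ("A", "B", "C")            # one memory segment per partition
STATES = [dict(zip(SEGMENTS, bits)) for bits in product((0, 1), repeat=3)]

# DIA (direct interaction allowed): the policy. DIA[seg] lists the segments that
# seg's next value may depend on. Here B may read A; A and C are isolated.
DIA = {"A": {"A"}, "B": {"A", "B"}, "C": {"C"}}

# A kernel maps the running partition to the function computing the next value
# of its own segment. No other segment is written during a step.
GOOD_KERNEL = {
    "A": lambda s: s["A"] ^ 1,
    "B": lambda s: s["A"] & s["B"],              # reads A: allowed by DIA["B"]
    "C": lambda s: s["C"] ^ 1,
}
LEAKY_KERNEL = dict(GOOD_KERNEL)
LEAKY_KERNEL["C"] = lambda s: s["C"] ^ s["B"]    # C reads B: not in DIA["C"]


def step(state, current, kernel):
    """One machine step on behalf of partition `current`."""
    new = dict(state)
    new[current] = kernel[current](state)
    return new


def gwv_violations(kernel):
    """Segments for which the GWV-style separation property fails.

    Informally: if two states agree on everything `seg` may depend on (DIA[seg])
    and the same partition is current, then after one step they agree on `seg`.
    Checked exhaustively over all state pairs and all current partitions.
    """
    bad = set()
    for seg, current in product(SEGMENTS, SEGMENTS):
        for s1, s2 in product(STATES, STATES):
            if all(s1[d] == s2[d] for d in DIA[seg]):
                if step(s1, current, kernel)[seg] != step(s2, current, kernel)[seg]:
                    bad.add(seg)
    return sorted(bad)


def influencers(seg):
    """Transitive closure of DIA starting from `seg`: who may affect it at all."""
    seen, frontier = {seg}, [seg]
    while frontier:
        s = frontier.pop()
        for d in DIA[s] - seen:
            seen.add(d)
            frontier.append(d)
    return seen


def run(state, actions, kernel):
    """Execute a sequence of partition steps from `state`."""
    for a in actions:
        state = step(state, a, kernel)
    return state


def noninterference_violations(kernel, observer, depth=3):
    """Goguen-Meseguer style check for one observing partition.

    For every start state and every action sequence up to `depth`, the
    observer's segment after the full sequence must equal its value after
    purging the steps of partitions that may not influence it. Returns the
    list of (start state, sequence) counterexamples (empty if the property holds).
    """
    allowed = influencers(observer)
    found = []
    for s in STATES:
        for n in range(1, depth + 1):
            for seq in product(SEGMENTS, repeat=n):
                purged = [a for a in seq if a in allowed]
                if run(s, seq, kernel)[observer] != run(s, purged, kernel)[observer]:
                    found.append((s, seq))
    return found


if __name__ == "__main__":
    for name, kernel in (("good", GOOD_KERNEL), ("leaky", LEAKY_KERNEL)):
        print(name, "GWV violations:", gwv_violations(kernel))
        print(name, "noninterference counterexamples for C:",
              len(noninterference_violations(kernel, "C")))
```

The two checks agree on this toy: the well-behaved kernel passes both, and the kernel in which C reads B fails both, with the GWV check naming the offending segment directly and the noninterference check producing concrete purge counterexamples such as a B step followed by a C step. Exhaustive enumeration is only viable because the state space is tiny; the chapter's approach, as the abstract describes, is to prove the GWV theorems in a theorem prover or model checker rather than enumerate.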

[1] Sang Joon Kim et al. A Mathematical Theory of Communication. 2006.

[2] Edmund M. Clarke et al. Model Checking. Handbook of Automated Reasoning, 1999.

[3] Michael W. Whalen et al. Model Checking Information Flow. Design and Verification of Microprocessor Systems for High-Assurance Applications, 2010.

[4] Matthew Wilding et al. Formal Verification of Partition Management for the AAMP7G Microprocessor. Design and Verification of Microprocessor Systems for High-Assurance Applications, 2010.

[5] Raymond J. Richards. Modeling and Security Analysis of a Commercial Real-Time Operating System Kernel. Design and Verification of Microprocessor Systems for High-Assurance Applications, 2010.

[6] John Rushby. A Separation Kernel Formal Security Policy in PVS. 2004.

[7] David S. Hardin. Design and Verification of Microprocessor Systems for High-Assurance Applications. 2010.

[8] Claude E. Shannon et al. The Mathematical Theory of Communication. 1950.

[9] David A. Greve. Parameterized Congruences in ACL2. ACL2 '06, 2006.

[10] J. Meseguer et al. Security Policies and Security Models. 1982 IEEE Symposium on Security and Privacy, 1982.

[11] John Rushby. Formal Verification of McMillan's Compositional Assume-Guarantee Rule. 2001.

[12] John Rushby et al. Noninterference, Transitivity, and Channel-Control Security Policies. 2005.