A logic for information flow analysis with an application to forward slicing of simple imperative programs

We specify an information flow analysis for a simple imperative language, using a Hoare-like logic. The logic facilitates static checking of a larger class of programs than can be checked by extant type-based approaches, in which a program is deemed insecure when it contains an insecure subprogram. The logic is based on an abstract interpretation of a "prelude" semantics which makes independence between program variables explicit. Unlike other, more precise approaches based on Hoare logics, our approach does not require a theorem prover to generate invariants. We demonstrate the modularity of our approach by showing that a frame rule holds in our logic. Finally, we show how our logic can be applied to a program transformation, namely forward slicing: given a derivation of a program in the logic, with the information that variable l is independent of variable h, the slicing transformation systematically creates the forward l-slice of the program: the slice contains all the commands independent of h. We show that the slicing transformation is semantics preserving.
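The following is an added worked example, not code from the paper. It implements the two ideas the abstract describes for a tiny imperative language: a flow-sensitive analysis that records, for every program variable, which initial variables it may depend on (the complement of the paper's independence assertions: "x is independent of h" is rendered here as h not in deps[x]), and a forward slicer that keeps exactly the commands whose effect is independent of the secret h, dropping assignments to h-dependent variables and conditionals or loops with h-dependent guards. Implicit flows through branches and loops are handled by a control context and a fixpoint. The AST encoding, the function names and the sample program are my own assumptions, and the semantics-preservation check at the end is termination-insensitive: dropping a loop with an h-dependent guard preserves the values of h-independent variables but not divergence.

```python
"""Independence analysis and forward slicing for a simple imperative language.

Added example (not the paper's code). Abstract state: deps[v] = set of initial
variables v may depend on; "v independent of h" means h not in deps[v].
Expressions: ('const', n) | ('var', x) | ('bin', op, e1, e2)
Commands:    ('skip',) | ('assign', x, e) | ('seq', [c...]) | ('if', e, c1, c2) | ('while', e, c)
"""
from typing import Dict, FrozenSet, Set

OPS = {'+': lambda a, b: a + b, '-': lambda a, b: a - b,
       '>': lambda a, b: int(a > b), '<': lambda a, b: int(a < b)}
Deps = Dict[str, FrozenSet[str]]

def fv(e) -> Set[str]:                      # free variables of an expression
    return set() if e[0] == 'const' else {e[1]} if e[0] == 'var' else fv(e[2]) | fv(e[3])

def eval_expr(e, store):                    # concrete semantics of expressions
    if e[0] == 'const': return e[1]
    if e[0] == 'var':   return store[e[1]]
    return OPS[e[1]](eval_expr(e[2], store), eval_expr(e[3], store))

def run(c, store):                          # concrete semantics of commands (functional store)
    tag = c[0]
    if tag == 'skip':   return store
    if tag == 'assign': s = dict(store); s[c[1]] = eval_expr(c[2], store); return s
    if tag == 'seq':
        for sub in c[1]: store = run(sub, store)
        return store
    if tag == 'if':     return run(c[2] if eval_expr(c[1], store) else c[3], store)
    while eval_expr(c[1], store): store = run(c[2], store)
    return store

def assigned(c) -> Set[str]:                # variables written anywhere inside c
    tag = c[0]
    if tag == 'assign': return {c[1]}
    if tag == 'seq':    return set().union(*(assigned(s) for s in c[1]))
    if tag == 'if':     return assigned(c[2]) | assigned(c[3])
    if tag == 'while':  return assigned(c[2])
    return set()

def edeps(e, D: Deps) -> FrozenSet[str]:    # dependencies of an expression under D
    return frozenset().union(*(D[v] for v in fv(e)))

def join(D1: Deps, D2: Deps) -> Deps:       # least upper bound: pointwise union
    return {v: D1[v] | D2[v] for v in D1}

def analyse(c, D: Deps, ctx: FrozenSet[str]) -> Deps:
    """Abstract semantics; ctx = dependencies of the enclosing guards (implicit flow)."""
    tag = c[0]
    if tag == 'skip':   return D
    if tag == 'assign': D2 = dict(D); D2[c[1]] = edeps(c[2], D) | ctx; return D2
    if tag == 'seq':
        for sub in c[1]: D = analyse(sub, D, ctx)
        return D
    if tag == 'if':
        g = edeps(c[1], D) | ctx
        out = join(analyse(c[2], D, g), analyse(c[3], D, g))
        for v in assigned(c): out[v] = out[v] | g      # which branch ran leaks the guard
        return out
    cur = D                                            # while: iterate to a fixpoint
    while True:
        g = edeps(c[1], cur) | ctx
        nxt = join(cur, analyse(c[2], cur, g))
        for v in assigned(c): nxt[v] = nxt[v] | g
        if nxt == cur: return cur
        cur = nxt

def slice_wrt(c, D: Deps, ctx: FrozenSet[str], h: str):
    """Forward slice w.r.t. h: keep exactly the commands independent of h.
    Returns (sliced command, abstract state after the original command)."""
    tag = c[0]
    D2 = analyse(c, D, ctx)
    if tag == 'skip':   return c, D2
    if tag == 'assign': return (c if h not in D2[c[1]] else ('skip',)), D2
    if tag == 'seq':
        kept = []
        for sub in c[1]:
            s, D = slice_wrt(sub, D, ctx, h)
            if s != ('skip',): kept.append(s)
        return ('seq', kept), D
    if tag == 'if':
        g = edeps(c[1], D) | ctx
        if h in g: return ('skip',), D2                # every variable it writes is now h-dependent
        return ('if', c[1], slice_wrt(c[2], D, g, h)[0], slice_wrt(c[3], D, g, h)[0]), D2
    g = edeps(c[1], D2) | ctx                          # while: judge the guard at the fixpoint
    if h in g: return ('skip',), D2                    # caveat: drops possible divergence on h
    return ('while', c[1], slice_wrt(c[2], D2, g, h)[0]), D2

VARS = ['h', 'l', 'l2', 'l3', 'x', 'y', 'z']           # constructed sample program, secret is h

def prog():
    V, K = (lambda n: ('var', n)), (lambda n: ('const', n))
    return ('seq', [
        ('assign', 'l', K(0)),
        ('assign', 'x', ('bin', '+', V('h'), K(1))),                       # x depends on h
        ('if', ('bin', '>', V('l2'), K(0)), ('assign', 'l', ('bin', '+', V('l'), K(1))), ('skip',)),
        ('if', ('bin', '>', V('x'), K(5)), ('assign', 'l3', K(1)), ('assign', 'l3', K(2))),  # high guard
        ('assign', 'y', K(0)),
        ('while', ('bin', '<', V('l'), K(3)),
            ('seq', [('assign', 'y', ('bin', '+', V('y'), K(2))), ('assign', 'l', ('bin', '+', V('l'), K(1)))])),
        ('assign', 'z', ('bin', '+', V('y'), V('x'))),                     # z depends on h via x
    ])

def demo():
    D0 = {v: frozenset({v}) for v in VARS}             # initially each variable depends on itself
    sliced, Dfin = slice_wrt(prog(), D0, frozenset(), 'h')
    return sliced, Dfin, sorted(v for v in VARS if 'h' not in Dfin[v])

def preserves(c, sliced, low, store) -> bool:         # slice agrees with original on low variables
    a, b = run(c, store), run(sliced, store)
    return all(a[v] == b[v] for v in low)

def check_example() -> bool:
    """Semantics preservation of the slice plus noninterference of the original, for several h."""
    c, (sliced, _, low) = prog(), demo()
    base = {v: 0 for v in VARS}; base['l2'] = 1
    outs = []
    for h in (0, 7, 100):
        s = dict(base, h=h)
        if not preserves(c, sliced, low, s): return False
        outs.append(run(c, s))
    return all(o[v] == outs[0][v] for o in outs for v in low)

if __name__ == '__main__':
    sliced, Dfin, low = demo()
    print('independent of h at exit:', low)          # ['l', 'l2', 'y']
    print('kept commands:', [k[0] for k in sliced[1]])  # ['assign', 'if', 'assign', 'while']
    print('slice preserves low outputs:', check_example())
```

For the constructed program the slicer keeps `l := 0`, the conditional on `l2`, `y := 0` and the loop on `l`, and drops `x := h + 1`, the conditional on `x` (together with both assignments to `l3`) and `z := y + x`. Running the original and the slice from the same store for several values of h gives identical final values for l, l2 and y, which is the preservation property the abstract claims; the same runs also show that those variables do not vary with h in the original, i.e. the analysis result is a noninterference certificate for them.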
