Abstract Interpretation and Model Checking for Checking Secure Information Flow in Concurrent Systems

We propose a method to check secure information flow in concurrent programs with synchronization. The method combines abstract interpretation and model checking: by abstract interpretation we build a finite representation (a transition system) of the behavior of the program; we then model check the abstract transition system against the security properties, expressed as a set of temporal logic formulae. The approach allows certifying more programs than previous methods do. The main point is that we are able to check more carefully the scope of indirect information flows.
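The following Python program is an added illustration of the two-phase approach the abstract describes; it is not the paper's construction and makes its own simplifying assumptions. It abstracts a tiny imperative language (assignments, two-way branches, a public observation `out`) over a two-point security lattice, explores every interleaving of a set of threads to build the finite abstract transition system, and then model checks the safety formula AG(not leak) on it, returning the counterexample path when one exists. Because variable levels are tracked per abstract state rather than per variable for the whole program, a variable that depended on a secret inside a branch can become public again once it is overwritten after the branch scope is closed, which is the kind of indirect-flow scope the abstract says the method handles more carefully. Synchronization primitives, richer temporal formulae and the concrete semantics are omitted here.

```python
"""Flow-sensitive secure information flow by abstract interpretation plus
model checking. Added illustration, not the paper's own construction."""
from collections import deque

L, H = 0, 1                   # two-point security lattice, join = max
VARS = ("h", "x", "l")        # assumed: h is secret; x and l may be observed


def compile_thread(stmts, code=None):
    """Flatten structured statements into one thread's instruction list.
    Statements: ("assign", x, vars_read), ("out", x) (public observation of x)
    and ("if", cond_vars, then_stmts, else_stmts)."""
    code = [] if code is None else code
    for s in stmts:
        if s[0] != "if":
            code.append(s)
            continue
        _, cond, then_b, else_b = s
        br = len(code); code.append(None)          # branch, filled in below
        compile_thread(then_b, code)
        jmp = len(code); code.append(None)         # jump, filled in below
        else_start = len(code)
        compile_thread(else_b, code)
        code.append(("pop",))                      # end of the branch scope
        code[br] = ("branch", cond, br + 1, else_start)
        code[jmp] = ("jump", len(code) - 1)        # then-branch joins at pop
    return code


def _set(tup, i, v):
    return tup[:i] + (v,) + tup[i + 1:]


def successors(threads, state):
    """One interleaved abstract step. A state is (pcs, ctxs, env): a program
    counter and a context-level stack per thread, plus each variable's level.
    Values are abstracted away, so both branches of every "if" are explored."""
    pcs, ctxs, env = state
    out = []
    for t, code in enumerate(threads):
        pc, ctx = pcs[t], ctxs[t]
        if pc >= len(code):
            continue                               # thread has terminated
        ins = code[pc]
        if ins[0] == "assign":                     # level(x) := ctx ⊔ levels read
            lvl = max([ctx[-1]] + [env[VARS.index(v)] for v in ins[2]])
            out.append((_set(pcs, t, pc + 1), ctxs,
                        _set(env, VARS.index(ins[1]), lvl)))
        elif ins[0] == "branch":                   # enter the guard's scope
            lvl = max([ctx[-1]] + [env[VARS.index(v)] for v in ins[1]])
            for target in ins[2:]:
                out.append((_set(pcs, t, target),
                            _set(ctxs, t, ctx + (lvl,)), env))
        elif ins[0] == "jump":
            out.append((_set(pcs, t, ins[1]), ctxs, env))
        elif ins[0] == "pop":                      # leave scope, restore ctx
            out.append((_set(pcs, t, pc + 1), _set(ctxs, t, ctx[:-1]), env))
        else:                                      # "out": no state change
            out.append((_set(pcs, t, pc + 1), ctxs, env))
    return out


def leaks(threads, state):
    """Atomic proposition: a thread is about to observe a variable whose level,
    joined with its current context level, is H."""
    pcs, ctxs, env = state
    for t, code in enumerate(threads):
        if pcs[t] < len(code) and code[pcs[t]][0] == "out":
            if max(env[VARS.index(code[pcs[t]][1])], ctxs[t][-1]) == H:
                return True
    return False


def check(threads, init_env):
    """Build the reachable abstract transition system and model check the
    safety formula AG(not leaks). Returns (state_count, counterexample), where
    the counterexample is the path to the first violating state, or None."""
    init = (tuple(0 for _ in threads), tuple((L,) for _ in threads), init_env)
    parent, queue = {init: None}, deque([init])
    while queue:
        s = queue.popleft()
        if leaks(threads, s):
            path = []
            while s is not None:
                path.append(s); s = parent[s]
            return len(parent), path[::-1]
        for n in successors(threads, s):
            if n not in parent:
                parent[n] = s; queue.append(n)
    return len(parent), None


INIT = (H, L, L)   # constructed initial levels: h secret, x and l public

# Program A:  if h then l := 1 else l := 0;  l := 0;  out l
# l depends on h inside the branch but is reset before it is observed.
PROG_A = compile_thread([
    ("if", ("h",), [("assign", "l", ())], [("assign", "l", ())]),
    ("assign", "l", ()), ("out", "l")])
# Program B:  if h then l := 1 else l := 0;  out l      (implicit flow)
PROG_B = compile_thread([
    ("if", ("h",), [("assign", "l", ())], [("assign", "l", ())]),
    ("out", "l")])
# Thread C, run in parallel with A:  x := l;  out x
# One interleaving copies l while it still depends on h.
PROG_C = compile_thread([("assign", "x", ("l",)), ("out", "x")])

if __name__ == "__main__":
    cases = (("A", [PROG_A]), ("B", [PROG_B]), ("A || C", [PROG_A, PROG_C]))
    for name, threads in cases:
        n, cex = check(threads, INIT)
        verdict = "secure" if cex is None else f"leak after {len(cex) - 1} steps"
        print(f"{name}: {n} abstract states, {verdict}")
```

Program A is certified because `l` is public again by the time it is observed, whereas a single global level per variable would have to call `l` secret and reject the program; Program B is rejected at the observation that follows the secret-dependent branch. Running A in parallel with thread C shows why the product of the threads' abstract behaviors has to be explored: the interleaving in which C reads `l` between the branch and the reset is reported with its path.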
