Formalizing non-interference for a simple bytecode language in Coq

In this paper, we describe the application of the interactive theorem prover Coq to the security analysis of bytecode as used in Java. We provide a generic specification and proof of non-interference for bytecode languages using the Coq module system. We illustrate the use of this formalization by applying it to a small subset of Java bytecode. The emphasis of the paper is on modularity of a language formalization and its analysis in a machine proof.
