Efficient Self-composition for Weakest Precondition Calculi

This paper contributes to deductive verification of language-based secure information flow. A popular approach in this area is self-composition in combination with off-the-shelf software verification systems to check for secure information flow. This approach is appealing because (1) it is highly precise and (2) existing sophisticated software verification systems can be harnessed. On the other hand, self-composition is commonly considered to be inefficient. We show how the efficiency of self-composition-style reasoning can be increased. It is sufficient to consider programs only once if the verification technique used is based on a weakest precondition calculus with an explicit heap model. Additionally, we show that in many cases the number of final symbolic states to be considered can be reduced considerably. Finally, we propose a comprehensive solution to the technical problem of applying software contracts within the self-composition approach. So far, this problem had only been solved partially.
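As an added illustration of the self-composition idea the abstract builds on (example code, not from the paper), the following implements a weakest-precondition calculus for a tiny assignment/sequence/conditional language, composes a program P with a renamed copy P', and checks the noninterference condition low_eq -> wp(P;P', low_eq) by enumerating a small finite domain in place of an SMT solver. The sample programs, variable names and the `_2` renaming suffix are constructed for this example.

```python
import itertools
# Trees: ('var', x) | ('const', c) | ('not', e) | (op, e1, e2); programs below.
OPS = {'+': lambda a, b: a + b, '-': lambda a, b: a - b,
       '==': lambda a, b: a == b, '>': lambda a, b: a > b,
       'and': lambda a, b: a and b, 'imp': lambda a, b: (not a) or b}

def evaluate(e, env):
    if e[0] == 'var':   return env[e[1]]
    if e[0] == 'const': return e[1]
    if e[0] == 'not':   return not evaluate(e[1], env)
    return OPS[e[0]](evaluate(e[1], env), evaluate(e[2], env))

def subst(e, x, by):
    """Replace every occurrence of variable x in e by the expression by."""
    if e[0] == 'var':   return by if e[1] == x else e
    if e[0] == 'const': return e
    return (e[0],) + tuple(subst(s, x, by) for s in e[1:])

def wp(stmt, post):
    """Weakest precondition of a statement w.r.t. postcondition post."""
    if stmt[0] == 'assign':       # wp(x := e, Q) = Q[e/x]
        return subst(post, stmt[1], stmt[2])
    if stmt[0] == 'seq':          # wp(s1; s2, Q) = wp(s1, wp(s2, Q))
        return wp(stmt[1], wp(stmt[2], post))
    cond, s1, s2 = stmt[1:]       # wp(if c then s1 else s2, Q)
    return ('and', ('imp', cond, wp(s1, post)),
                   ('imp', ('not', cond), wp(s2, post)))

def rename(t, suffix):
    """Second copy of a program/expression: every variable x becomes x+suffix."""
    if t[0] == 'var':    return ('var', t[1] + suffix)
    if t[0] == 'const':  return t
    if t[0] == 'assign': return ('assign', t[1] + suffix, rename(t[2], suffix))
    return (t[0],) + tuple(rename(s, suffix) for s in t[1:])

def noninterferent(prog, low, high, domain=range(3)):
    """Self-composition: P;P' must map low-equal inputs to low-equal outputs.
    Validity of low_eq -> wp(P;P', low_eq) is decided over a small finite domain."""
    composed = ('seq', prog, rename(prog, '_2'))
    low_eq = ('const', True)
    for l in low:
        low_eq = ('and', low_eq, ('==', ('var', l), ('var', l + '_2')))
    vc = ('imp', low_eq, wp(composed, low_eq))
    names = [v + s for v in low + high for s in ('', '_2')]
    return all(evaluate(vc, dict(zip(names, vals)))
               for vals in itertools.product(domain, repeat=len(names)))

# Constructed sample programs over one low variable l and one high variable h.
LEAK = ('assign', 'l', ('var', 'h'))                                  # l := h
SAFE = ('seq', ('assign', 'l', ('-', ('var', 'h'), ('var', 'h'))),     # l := h - h;
               ('assign', 'l', ('+', ('var', 'l'), ('const', 1))))     # l := l + 1
```

The example deliberately omits the heap model and the single-pass and state-reduction optimisations the paper proposes; it only shows the baseline self-composition check those optimisations improve on.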
