A Proof System for Information Flow Security

Persistent BNDC (P_BNDC for short) is an information-flow security property for processes in dynamic contexts, i.e., contexts that can be reconfigured at runtime. Intuitively, P_BNDC requires that high level interactions never interfere with the low level behavior of the system, in every possible state. P_BNDC is verified by checking whether the system interacting with a high level component is bisimilar to the system in isolation. In this work we contribute to the verification of information-flow security in two respects: (i) we give an unwinding condition that allows us to express P_BNDC in terms of a local property on high level actions, and (ii) we exploit this local property to define a proof system that provides a very efficient technique for the development and verification of P_BNDC processes.
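As an added illustration (not code from the paper or its authors), the following Python sketch models the check the abstract describes on a small labelled transition system: the low-level view obtained by deleting high actions, weak bisimulation on that view, and a local unwinding condition on high actions. The exact form of the condition used here, that every high step from a reachable state leads to a state whose low view is weakly bisimilar to the low view of the state before the step, is an assumption about how the paper's condition reads, as are the action naming convention and the two constructed systems.

```python
from itertools import product

TAU = "tau"  # internal action; labels starting with "h" are high level, all others low level
def is_high(action):
    return action.startswith("h")

def restrict_high(lts):
    """E \\ H: drop every high transition, keeping only the low-level view."""
    return {s: [(a, t) for a, t in trs if not is_high(a)] for s, trs in lts.items()}

def closure(lts, s, allowed):
    """States reachable from s using only transitions whose label satisfies `allowed`."""
    seen, stack = {s}, [s]
    while stack:
        for a, t in lts[stack.pop()]:
            if allowed(a) and t not in seen:
                seen.add(t)
                stack.append(t)
    return seen

def weak_moves(lts, s, a):
    """Targets of s ==a==>: tau* a tau* for a visible action, tau* when a is tau itself."""
    pre = closure(lts, s, lambda x: x == TAU)
    if a == TAU:
        return pre
    return {v for u in pre for b, t in lts[u] if b == a for v in closure(lts, t, lambda x: x == TAU)}

def weak_bisim(lts):
    """Largest weak bisimulation on lts, as a naive greatest fixpoint over state pairs."""
    rel = set(product(lts, lts))
    changed = True
    while changed:
        changed = False
        for p, q in list(rel):
            matched = all(any((p2, q2) in rel for q2 in weak_moves(lts, q, a)) for a, p2 in lts[p]) \
                and all(any((p2, q2) in rel for p2 in weak_moves(lts, p, a)) for a, q2 in lts[q])
            if not matched:
                rel.discard((p, q))
                changed = True
    return rel

def unwinding_violations(lts, s0):
    """Reachable high steps s -h-> t whose low views s\\H and t\\H are not weakly bisimilar."""
    bisim = weak_bisim(restrict_high(lts))
    return [(s, a, t) for s in sorted(closure(lts, s0, lambda x: True))
            for a, t in lts[s] if is_high(a) and (s, t) not in bisim]

# Constructed sample systems (every state is a key, even when it has no outgoing transitions).
LEAKY = {"s0": [("h_in", "s1")], "s1": [("l_out", "s2")], "s2": []}  # low observes l_out only after a high input
SAFE = {"s0": [("h_in", "s1"), ("l_out", "s2")], "s1": [(TAU, "s3")], "s3": [("l_out", "s2")], "s2": []}
```

In LEAKY the low observer learns that a high input happened because l_out becomes possible only afterwards, so the local condition fails at s0; in SAFE the same low behaviour is available before and after the high step, so no reachable high action is flagged.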
