Formal specification of security guidelines for program certification

Secure software can be obtained through two distinct processes: security by design, and security by certification. The former has been formalized quite extensively: it builds on models that are verified to ensure the required security properties hold, and from which the software is then derived manually or automatically. The latter has remained largely informal, both in how security best practices are specified and in how the produced code is checked for conformance with them. In this paper we focus on the latter approach and describe how security guidelines can be captured by security experts and verified formally by developers. Our technique relies on abstracting the actions of a program according to its modular structure, and on combining model checking with information flow analysis. Our goal is to formalize the existing body of knowledge on security best practices as formulas in the MCL model checking language, and to verify formally that programs conform to such security guidelines. We also discuss our first results in building a methodology for the formalization of security guidelines.
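The following is an added illustration of the kind of check the abstract describes, written for this page rather than taken from the paper: a program is abstracted to a finite transition system whose edges are security-relevant actions, and two guidelines are checked over it by exhaustive state exploration. One guideline is an information-flow rule (a secret must pass through a sanitizer such as hashing before it reaches an observable sink); the other is a temporal rule expressed as a security automaton (a token may only be sent inside an authenticated session). The paper uses MCL formulas and a model checker; this stand-in uses plain Python so that it runs offline. The login program, its action names, variable names and the automaton are constructed for the example.

```python
"""Added example: checking an abstracted program against an information-flow
guideline and a temporal guideline. The program is an action-labelled
transition system; the checker explores the product of program states,
taint environments and security-automaton states. All three components are
finite, so the exploration terminates and every reachable path is covered."""
from collections import deque
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

SECRET = "secret"  # the single taint label used in this example


@dataclass(frozen=True)
class Action:
    name: str
    kind: str                      # "source" | "flow" | "sanitize" | "sink" | "event"
    inputs: Tuple[str, ...] = ()
    output: Optional[str] = None


LTS = Dict[str, List[Tuple[Action, str]]]   # state -> [(action, successor)]
TaintEnv = Dict[str, FrozenSet[str]]        # abstract variable -> taint labels


def apply_flow(env: TaintEnv, act: Action) -> TaintEnv:
    """Transfer function of the information-flow analysis for one action."""
    env = dict(env)
    if act.kind == "source":                 # introduces a secret
        env[act.output] = frozenset({SECRET})
    elif act.kind == "flow":                 # output depends on all inputs
        env[act.output] = frozenset().union(*(env.get(v, frozenset()) for v in act.inputs))
    elif act.kind == "sanitize":             # e.g. hashing: raw secret no longer derivable
        env[act.output] = frozenset()
    return env


@dataclass
class SecurityAutomaton:
    """Security automaton over action names: a temporal guideline."""
    start: str
    delta: Dict[Tuple[str, str], str]        # (state, action) -> next state; default: stay
    forbidden: Dict[str, FrozenSet[str]]     # state -> actions that violate the guideline

    def step(self, q: str, act: Action) -> Optional[str]:
        if act.name in self.forbidden.get(q, frozenset()):
            return None                      # violation
        return self.delta.get((q, act.name), q)


def trace(parent, node) -> List[str]:
    """Rebuild the action sequence leading to a product state (the counterexample)."""
    names = []
    while parent[node] is not None:
        node, name = parent[node]
        names.append(name)
    return names[::-1]


def model_check(lts: LTS, init: str, automaton: SecurityAutomaton):
    """Breadth-first exploration of (program state, taint env, automaton state).
    Returns (conforms, counterexample action trace, explanation)."""
    start = (init, frozenset(), automaton.start)
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        state, env_items, q = node
        env: TaintEnv = dict(env_items)
        for act, succ in lts.get(state, []):
            # Guideline 1 (information flow): no secret-derived input at a sink.
            leaking = [v for v in act.inputs if SECRET in env.get(v, frozenset())]
            if act.kind == "sink" and leaking:
                return False, trace(parent, node) + [act.name], \
                    f"secret-derived {leaking} reaches sink '{act.name}'"
            # Guideline 2 (temporal): the security automaton must accept the action.
            q2 = automaton.step(q, act)
            if q2 is None:
                return False, trace(parent, node) + [act.name], \
                    f"'{act.name}' not allowed in automaton state '{q}'"
            succ_node = (succ, frozenset(apply_flow(env, act).items()), q2)
            if succ_node not in parent:
                parent[succ_node] = (node, act.name)
                queue.append(succ_node)
    return True, [], "all reachable paths conform"


def build_login_program(hash_before_log: bool, auth_before_send: bool) -> LTS:
    """Constructed example: a login handler abstracted to its security-relevant actions.
    The two flags select the conforming or the flawed variant of the program."""
    read_pw = Action("read_password", "source", output="pw")
    copy = Action("copy_to_buffer", "flow", inputs=("pw",), output="buf")
    hashing = Action("hash_password", "sanitize", inputs=("pw",), output="digest")
    logged = "digest" if hash_before_log else "buf"     # flaw: logging the raw buffer
    log = Action("log_attempt", "sink", inputs=(logged,))
    auth = Action("authenticate", "event", inputs=("digest",))
    send = Action("send_token", "sink", inputs=("token",))
    logout = Action("logout", "event")
    prog: LTS = {
        "s0": [(read_pw, "s1")],
        "s1": [(copy, "s2")],
        "s2": [(hashing, "s3")],
        "s3": [(log, "s4")],
        "s6": [(logout, "s0")],          # loop back to handle the next login
    }
    if auth_before_send:
        prog["s4"] = [(auth, "s5")]
        prog["s5"] = [(send, "s6")]
    else:                                # flaw: token sent before authentication
        prog["s4"] = [(send, "s5")]
        prog["s5"] = [(auth, "s6")]
    return prog


# Constructed guideline: tokens may only be sent inside an authenticated session.
SESSION_GUIDELINE = SecurityAutomaton(
    start="unauthenticated",
    delta={("unauthenticated", "authenticate"): "authenticated",
           ("authenticated", "logout"): "unauthenticated"},
    forbidden={"unauthenticated": frozenset({"send_token"})},
)


def check_login(hash_before_log: bool, auth_before_send: bool):
    prog = build_login_program(hash_before_log, auth_before_send)
    return model_check(prog, "s0", SESSION_GUIDELINE)


if __name__ == "__main__":
    for flags in [(True, True), (False, True), (True, False)]:
        ok, cex, why = check_login(*flags)
        print(flags, "conforms" if ok else "VIOLATION", cex, why)
```

The product construction is what lets the two analyses reinforce each other: the taint environment is part of the explored state, so a temporal guideline can be checked on the same paths along which the flow guideline is evaluated, and a violation of either comes with the concrete action sequence that reaches it. The loop through `logout` shows why the taint lattice must be finite: revisiting `s0` with the same environment and automaton state is recognised as an already-explored node, so the exploration terminates.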
