A logic for information flow in object-oriented programs

This paper specifies, via a Hoare-like logic, an interprocedural and flow-sensitive (but termination-insensitive) information flow analysis for object-oriented programs. Pointer aliasing is ubiquitous in such programs and can leak confidential information: a secret written through one reference becomes readable through every alias of it. The logic therefore employs independence assertions to express the noninterference property that formalizes confidentiality, and region assertions to describe possible aliasing. Programmer assertions in the style of JML are also allowed, permitting a more fine-grained specification of information flow policy. The logic supports local reasoning about state in the style of separation logic: specifications are small, mentioning only the variables and addresses relevant to a command, and are combined using a frame rule. An algorithm for computing postconditions is described; under certain assumptions a strongest postcondition exists, and the algorithm computes it.
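The following is an added illustration, not code or logic from the paper: a toy forward analysis over a tiny object-oriented command language that approximates the ingredients named above. Independence assertions are represented by their complement (for each variable, and for each field of each abstract heap region, the set of secret inputs the value may depend on, so `x # h` holds iff `h` is absent), region assertions by a may-point-to map from reference variables to named regions, and the postcondition is computed forward, with implicit flows carried in a `pc` set and loops handled by fixpoint (termination-insensitive). The command tuples, the `State`, `analyze` and `check` names, the regions `R`/`S`, and the programs with secret `h` and public `l` are all constructed for this example.

```python
"""Toy flow-sensitive, termination-insensitive information flow analysis with
region-based alias tracking.  Added example, not the paper's logic or code."""
from copy import deepcopy


class State:
    """deps: variable name or (region, field) -> set of secret inputs the value
    may depend on.  regs: reference variable -> set of regions it may point to
    (a may-alias / region assertion).  x # h holds iff h not in deps[x]."""

    def __init__(self, secrets):
        self.deps = {s: {s} for s in secrets}   # each secret input depends on itself
        self.regs = {}

    def copy(self):
        return deepcopy(self)

    def join(self, other):
        """Least upper bound, used where control-flow paths merge."""
        s = self.copy()
        for k, v in other.deps.items():
            s.deps[k] = s.deps.get(k, set()) | v
        for k, v in other.regs.items():
            s.regs[k] = s.regs.get(k, set()) | v
        return s

    def __eq__(self, other):
        return self.deps == other.deps and self.regs == other.regs


def expr_deps(st, e):
    """Secret inputs an expression's value may depend on (explicit flows)."""
    kind = e[0]
    if kind == 'const':
        return set()
    if kind == 'var':
        return set(st.deps.get(e[1], set()))
    if kind == 'field':          # x.f depends on x and on f in every region x may point to
        _, x, f = e
        out = set(st.deps.get(x, set()))
        for r in st.regs.get(x, set()):
            out |= st.deps.get((r, f), set())
        return out
    if kind == 'op':
        return expr_deps(st, e[1]) | expr_deps(st, e[2])
    raise ValueError(e)


def analyze(cmds, st, pc=frozenset()):
    """Forward postcondition computation; pc holds the implicit-flow context."""
    for c in cmds:
        op = c[0]
        if op == 'assign':                     # x = e  (strong update: flow sensitive)
            _, x, e = c
            st.deps[x] = expr_deps(st, e) | set(pc)
            if e[0] == 'var' and e[1] in st.regs:
                st.regs[x] = set(st.regs[e[1]])   # reference copy: x now aliases e
            else:
                st.regs.pop(x, None)
        elif op == 'new':                      # x = new Obj() allocated in region r
            _, x, r = c
            st.deps[x] = set(pc)
            st.regs[x] = {r}
        elif op == 'store':                    # x.f = e  (weak update: a region may
            _, x, f, e = c                     # summarise many objects)
            new = expr_deps(st, e) | st.deps.get(x, set()) | set(pc)
            for r in st.regs.get(x, set()):
                st.deps[(r, f)] = st.deps.get((r, f), set()) | new
        elif op == 'if':                       # guard taints both branches via pc
            _, e, then_cmds, else_cmds = c
            pc2 = pc | expr_deps(st, e)
            merged = analyze(then_cmds, st.copy(), pc2).join(
                analyze(else_cmds, st.copy(), pc2))
            st.deps, st.regs = merged.deps, merged.regs
        elif op == 'while':                    # fixpoint; divergence itself is ignored
            _, e, body = c
            while True:
                pc2 = pc | expr_deps(st, e)
                merged = st.join(analyze(body, st.copy(), pc2))
                if merged == st:
                    break
                st.deps, st.regs = merged.deps, merged.regs
        else:
            raise ValueError(c)
    return st


def check(prog, public='l', secret='h'):
    """True iff the independence assertion  public # secret  holds after prog."""
    st = analyze(prog, State({secret}))
    return secret not in st.deps.get(public, set())


# Constructed programs.  Secret input h, public output l.
LEAK_VIA_ALIAS = [('new', 'a', 'R'), ('assign', 'b', ('var', 'a')),      # b aliases a
                  ('store', 'a', 'val', ('var', 'h')),
                  ('assign', 'l', ('field', 'b', 'val'))]                # read via alias
NO_ALIAS = [('new', 'a', 'R'), ('new', 'b', 'S'),                        # distinct regions
            ('store', 'a', 'val', ('var', 'h')),
            ('assign', 'l', ('field', 'b', 'val'))]
FLOW_SENSITIVE = [('assign', 'x', ('var', 'h')), ('assign', 'x', ('const', 0))]
IMPLICIT = [('if', ('var', 'h'), [('assign', 'l', ('const', 1))],
             [('assign', 'l', ('const', 0))])]
LOOP = [('while', ('var', 'h'), [('assign', 'h', ('op', ('var', 'h'), ('const', 1)))]),
        ('assign', 'l', ('const', 0))]

if __name__ == '__main__':
    for name, prog, pub in [('alias leak', LEAK_VIA_ALIAS, 'l'), ('no alias', NO_ALIAS, 'l'),
                            ('flow sensitive', FLOW_SENSITIVE, 'x'),
                            ('implicit flow', IMPLICIT, 'l'), ('loop', LOOP, 'l')]:
        print(f"{name:15s} {pub} # h holds: {check(prog, pub)}")
```

The alias case is the one the abstract singles out: the store goes through `a`, the load through `b`, and only the shared region `R` connects them, so an analysis that tracked variables alone would wrongly certify `l # h`. The `LOOP` case shows termination insensitivity: the guard depends on `h`, but nothing assigned after the loop is tainted by it, so a program that leaks `h` only by diverging is accepted.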
