Enforcing Generalized Refinement-Based Noninterference for Secure Interface Composition

Information flow security is a critical requirement for complex component-based software. Recent efforts on compositional information flow analysis have been limited in the expressiveness of the security lattice they support and in the efficiency of compositional enforcement. Extending these approaches to more general security lattices is usually nontrivial, because the compositionality of information flow security properties must be handled carefully. In this work, we present a new extension of interface automata. On this interface structure, we propose two refinement-based security properties, adaptable to any finite security lattice. For each property, we present and prove the security condition that ensures the property is preserved under composition. Furthermore, we implement the refinement algorithms and the decision procedure for the security condition. We demonstrate the usability and efficiency of our approach with in-depth case studies. The evaluation results show that our compositional enforcement can effectively reduce the verification cost compared with global verification of the composite system.
