Secure Information Flow as a Safety Problem

The termination-insensitive secure information flow problem can be reduced to solving a safety problem via a simple program transformation. Barthe, D'Argenio, and Rezk coined the term “self-composition” to describe this reduction. This paper generalizes the self-compositional approach with a form of information downgrading recently proposed by Li and Zdancewic. We also identify a problem with applying the self-compositional approach in practice, and we present a solution to this problem that makes use of more traditional type-based approaches. The result is a framework that combines the best of both worlds, i.e., better than traditional type-based approaches and better than the self-compositional approach.
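As an added illustration (not code from the paper), the reduction described above modelled over a small finite input domain: a program is composed with a renamed copy of itself, and noninterference becomes the safety assertion that equal low inputs yield equal low outputs, checked exhaustively. The `policy` parameter is this example's own simplified stand-in for a Li-Zdancewic downgrading policy: two secrets only need to agree on what the policy releases, and the program must then agree on its low output.

```python
"""Self-composition as a bounded safety check (added example, not the paper's code)."""
from itertools import product

# Programs are modelled as functions (high_in, low_in) -> low_out over a small
# finite domain (an assumption of this example) so the property is checkable by
# enumeration instead of by a model checker.
DOMAIN = range(0, 8)


def leaky(h, l):
    # Low output depends on the secret: a noninterference violation.
    return l + (1 if h > 4 else 0)


def secure(h, l):
    # Low output depends only on the low input.
    return (l * 3) % 5


def pin_check(h, l):
    # Releases exactly one bit: whether the low guess equals the secret.
    return 1 if l == h else 0


def self_composed(prog, policy=None):
    """Run prog and a renamed copy (inputs h1,l1 and h2,l2) side by side.

    Safety property of the composed program:
        l1 == l2  and  policy(h1, l1) == policy(h2, l2)
            implies  prog(h1, l1) == prog(h2, l2)
    With policy=None this is plain termination-insensitive noninterference;
    with a policy it is the downgrading variant, where only the policy's view
    of the secret may influence low output. Returns (is_safe, witness).
    """
    for h1, h2, l in product(DOMAIN, DOMAIN, DOMAIN):
        # Copy 2 runs with the same low input (l2 == l1 == l).
        if policy is not None and policy(h1, l) != policy(h2, l):
            continue  # secrets distinguishable under the policy: no constraint
        if prog(h1, l) != prog(h2, l):
            return False, (h1, h2, l)  # counterexample to the safety assertion
    return True, None


if __name__ == "__main__":
    eq = lambda h, l: h == l  # downgrading policy: release only equality with l
    print("secure:", self_composed(secure))
    print("leaky:", self_composed(leaky))
    print("pin_check, no policy:", self_composed(pin_check))
    print("pin_check, equality policy:", self_composed(pin_check, eq))
    print("leaky, equality policy:", self_composed(leaky, eq))
```

The witness returned for an unsafe program is the pair of runs (h1, h2, shared low input) on which the composed program's assertion fails, which is exactly what a safety checker would report.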
