Relational bytecode correlations

Abstract

We present a calculus for tracking equality relationships between values through pairs of bytecode programs. The calculus may serve as a certification mechanism for non-interference, a well-known program property in the field of language-based security, and for code transformations. Contrary to previous type systems for non-interference, no restrictions are imposed on the control flow structure of programs. Objects, static and virtual methods are included, and heap-local reasoning is supported by frame rules. In combination with polyvariance, the latter enable the modular verification of programs over heap-allocated data structures, which we illustrate by verifying and comparing different implementations of list copying. The material is based on a complete formalisation in Isabelle/HOL.
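The property the abstract refers to, non-interference, is relational: it is stated over two runs of the same program whose initial states agree on the public ("low") variables, and it requires that the final states agree on those variables as well, whatever the secret ("high") inputs were. The following added example is not the paper's calculus and is not taken from its Isabelle/HOL formalisation; it is an illustration of that two-run definition on a constructed toy stack bytecode, with a brute-force checker over a small value domain. The instruction set, the two programs and the labelling of variables as low or high are all assumptions made for the example. One program leaks a secret through control flow (an implicit flow, the kind a purely data-flow view misses and which is why unrestricted control flow matters in the abstract), the other does not.

```python
# Toy stack-bytecode interpreter plus a two-run (relational) check of non-interference.
# Added illustration only: not the paper's calculus, not derived from its formalisation.
# The instruction set, programs and security labels below are constructed for the example.

from itertools import product

# Hypothetical instruction set:
#   ("push", n)   push constant n
#   ("load", v)   push the value of variable v
#   ("store", v)  pop the top of stack into variable v
#   ("add",)      pop two values, push their sum
#   ("jz", t)     pop; jump to index t if the value is zero
#   ("jmp", t)    unconditional jump to index t
#   ("ret",)      stop


def run(program, store, max_steps=1000):
    """Execute program on a copy of store and return the final store."""
    store = dict(store)
    stack = []
    pc = 0
    for _ in range(max_steps):
        op = program[pc]
        name = op[0]
        if name == "push":
            stack.append(op[1]); pc += 1
        elif name == "load":
            stack.append(store[op[1]]); pc += 1
        elif name == "store":
            store[op[1]] = stack.pop(); pc += 1
        elif name == "add":
            b, a = stack.pop(), stack.pop()
            stack.append(a + b); pc += 1
        elif name == "jz":
            pc = op[1] if stack.pop() == 0 else pc + 1
        elif name == "jmp":
            pc = op[1]
        elif name == "ret":
            return store
        else:
            raise ValueError(f"unknown instruction {name}")
    raise RuntimeError("step budget exhausted")


def low_equal(s1, s2, low_vars):
    """Two stores are low-equal when they agree on every low variable."""
    return all(s1[v] == s2[v] for v in low_vars)


def check_noninterference(program, low_vars, high_vars, values):
    """Brute-force the two-run definition over a finite value domain.

    Every pair of initial stores that is low-equal must produce final stores
    that are low-equal. Returns the first violating pair of initial stores,
    or None if no violation exists within the domain.
    """
    names = list(low_vars) + list(high_vars)
    for lows in product(values, repeat=len(low_vars)):
        for h1 in product(values, repeat=len(high_vars)):
            for h2 in product(values, repeat=len(high_vars)):
                s1 = dict(zip(names, lows + h1))
                s2 = dict(zip(names, lows + h2))
                if not low_equal(run(program, s1), run(program, s2), low_vars):
                    return (s1, s2)
    return None


# Constructed program with an implicit flow: if h == 0 then l = 1 else l = 0.
# No instruction moves h into l directly; the leak is through the branch.
LEAKY_PROGRAM = [
    ("load", "h"),   # 0
    ("jz", 5),       # 1  h == 0 -> go to 5
    ("push", 0),     # 2
    ("store", "l"),  # 3
    ("jmp", 7),      # 4
    ("push", 1),     # 5
    ("store", "l"),  # 6
    ("ret",),        # 7
]

# Constructed program that reads h but only ever writes it back into h:
# l = l + 1; h = h + l.  The low output depends on low input alone.
SAFE_PROGRAM = [
    ("load", "l"),   # 0
    ("push", 1),     # 1
    ("add",),        # 2
    ("store", "l"),  # 3
    ("load", "h"),   # 4
    ("load", "l"),   # 5
    ("add",),        # 6
    ("store", "h"),  # 7
    ("ret",),        # 8
]


if __name__ == "__main__":
    print("leaky:", check_noninterference(LEAKY_PROGRAM, ["l"], ["h"], [0, 1]))
    print("safe: ", check_noninterference(SAFE_PROGRAM, ["l"], ["h"], [0, 1]))
```

Running the block reports a counterexample for `LEAKY_PROGRAM` (two initial stores with `l = 0` that differ only in `h` and end with different `l`) and `None` for `SAFE_PROGRAM`. The enumeration is only feasible for toy domains; a calculus of the kind the abstract describes establishes the same equality relationships between the two runs symbolically, which is what makes it usable as a certificate rather than a test.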
