Information Flow Analysis in Logical Form (May 27, 2004)

We specify an information flow analysis for a simple imperative language, using a Hoare-like logic. The logic facilitates static checking of a larger class of programs than can be checked by extant type-based approaches in which a program is deemed insecure when it contains an insecure subprogram. The logic is based on an abstract interpretation of program traces that makes independence between program variables explicit. Unlike other, more precise, approaches based on a Hoare-like logic, our approach does not require a theorem prover to generate invariants. We demonstrate the modularity of our approach by showing that a frame rule holds in our logic. Moreover, given an insecure but terminating program, we show how strongest postconditions can be employed to statically generate failure explanations.
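As an added illustration (not the paper's Hoare-like logic), the following Python sketches the idea of making independence between variables explicit: an abstract state maps each variable to the set of inputs its value may depend on, so a variable is independent of an input exactly when that input is absent from its set. The loop-free statement encoding, `analyze`, `leaks` (which plays the role of the failure explanation) and the program `PROG` are all constructed here; loops would require the usual fixpoint iteration, which is omitted.

```python
from typing import Dict, FrozenSet, List

Deps = FrozenSet[str]   # the set of program inputs a value may depend on
State = Dict[str, Deps] # abstract state: variable -> Deps

# Loop-free statements as plain tuples (constructed encoding):
#   ("assign", target, vars_read)               target := e, e reads vars_read
#   ("if", vars_read, then_stmts, else_stmts)   guard reads vars_read
def _deps_of(st: State, names, pc: Deps) -> Deps:
    # A name never assigned is treated as an input depending only on itself.
    return frozenset(pc).union(*(st.get(v, frozenset({v})) for v in names))

def analyze(stmts: List[tuple], state: State, pc: Deps = frozenset()) -> State:
    """One pass of the dependency abstraction. pc carries the inputs the
    enclosing guards depend on, so assignments under a branch inherit them
    (implicit flows). Variables the program never mentions are untouched,
    which is the local-reasoning property a frame rule captures."""
    st = dict(state)
    for s in stmts:
        if s[0] == "assign":
            _, x, reads = s
            st[x] = _deps_of(st, reads, pc)
        elif s[0] == "if":
            _, reads, then_b, else_b = s
            guard = _deps_of(st, reads, pc)
            t, e = analyze(then_b, st, guard), analyze(else_b, st, guard)
            # Join: a variable assigned in only one branch keeps the guard's
            # inputs from that branch, recording that its final value reveals
            # which branch ran.
            st = {x: t.get(x, frozenset()) | e.get(x, frozenset())
                  for x in set(t) | set(e)}
    return st

def leaks(state: State, high: FrozenSet[str], low_outputs) -> Dict[str, Deps]:
    """Failure explanation: each low output that is not independent of every
    high input, together with the high inputs it may depend on."""
    return {x: state.get(x, frozenset()) & high
            for x in low_outputs if state.get(x, frozenset()) & high}

# Constructed program: explicit flow (l1 := h), implicit flow (l2 assigned
# under a guard on h), and a computation independent of h (l3 := l + 1).
PROG = [
    ("assign", "l1", {"h"}),
    ("if", {"h"}, [("assign", "l2", set())], [("assign", "l2", set())]),
    ("assign", "l3", {"l"}),
]
INPUTS: State = {v: frozenset({v}) for v in ("h", "l", "k")}  # k never mentioned

def run_example() -> Dict[str, Deps]:
    # Returns {"l1": {"h"}, "l2": {"h"}}: l3 is independent of h and passes.
    return leaks(analyze(PROG, INPUTS), frozenset({"h"}), ["l1", "l2", "l3"])
```

Note that the abstraction is conservative: both branches assign `l2` the same constant, so nothing is revealed at run time, yet `l2` is still reported because its dependency set contains the guard's input `h`.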
