SAT-based Algorithmic Verification of Noninterference

In this paper we propose an algorithmic verification technique to check noninterference for deterministic finite state systems. Our technique integrates a counterexample search strategy with a window induction proof strategy; this integration generates counterexamples of minimal length faster. We further show how Boolean decision procedures can perform both the search for counterexamples and the induction proof. Since our technique translates the search for counterexamples of increasing length into a sequence of propositional satisfiability checks, we also exploit the similarity of these SAT instances by carrying conflict-driven learning from the conflict analysis of one instance over to the next.
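As an added illustration of the search described above (this is example code written for this page, not the paper's implementation), the following Python explores traces of increasing length k over a deterministic finite state system and reports the first trace whose low-visible output differs from that of its high-purged counterpart, i.e. a minimal-length noninterference counterexample in the Goguen-Meseguer sense. Instead of encoding each bound as a SAT instance, it enumerates the reachable pairs (state after the real trace, state after the purged trace) explicitly; exhausting that pair space plays the role the induction proof plays in the paper, since once no new pair appears no longer trace can leak. The two machines (`LEAKY`, `SECURE`), the action names `h`/`l` and the function names are constructed for this example.

```python
from collections import deque


class FSM:
    """Deterministic finite state system observed by a low user (constructed for this example)."""

    def __init__(self, init, delta, out, high):
        self.init = init          # initial state
        self.delta = delta        # dict: (state, action) -> next state
        self.out = out            # dict: state -> output visible to the low user
        self.high = high          # set of actions belonging to the high user
        self.actions = sorted({a for (_, a) in delta})


def step(m, state, action):
    return m.delta[(state, action)]


def purge(trace, high):
    """Remove every high action from the trace (the low user's view of the input)."""
    return tuple(a for a in trace if a not in high)


def run(m, trace):
    s = m.init
    for a in trace:
        s = step(m, s, a)
    return s


def bounded_search(m, max_bound):
    """Look for noninterference counterexamples of length 1, 2, ..., max_bound.

    A pair (s, t) records the state s reached by the real trace and the state t
    reached by its purge.  Breadth-first exploration by length guarantees that the
    first leaking pair found yields a counterexample of minimal length.
    Returns ('insecure', k, trace), ('secure', k) once no new pair can be reached
    (no longer trace can leak), or ('unknown', max_bound) if the bound is exhausted.
    """
    start = (m.init, m.init)
    seen = {start}
    frontier = deque([(start, ())])
    for k in range(1, max_bound + 1):
        next_frontier = deque()
        for (s, t), trace in frontier:
            for a in m.actions:
                s2 = step(m, s, a)
                t2 = t if a in m.high else step(m, t, a)   # purge drops high actions
                w = trace + (a,)
                if m.out[s2] != m.out[t2]:
                    # Sanity check: the pair really corresponds to w and purge(w).
                    assert run(m, w) == s2 and run(m, purge(w, m.high)) == t2
                    return ('insecure', k, w)
                if (s2, t2) not in seen:
                    seen.add((s2, t2))
                    next_frontier.append(((s2, t2), w))
        if not next_frontier:
            return ('secure', k)
        frontier = next_frontier
    return ('unknown', max_bound)


# Constructed machine 1: a high action sets a flag that a later low action exposes.
# States: 0 = idle, 1 = flag set by 'h', 2 = low output changed after 'l' saw the flag.
LEAKY = FSM(
    init=0,
    delta={(0, 'h'): 1, (0, 'l'): 0,
           (1, 'h'): 1, (1, 'l'): 2,
           (2, 'h'): 2, (2, 'l'): 2},
    out={0: 0, 1: 0, 2: 1},
    high={'h'},
)

# Constructed machine 2: state = low bit + 2 * high bit; 'l' toggles the low bit,
# 'h' toggles the high bit, and only the low bit is output, so nothing leaks.
SECURE = FSM(
    init=0,
    delta={**{(s, 'l'): s ^ 1 for s in range(4)},
           **{(s, 'h'): s ^ 2 for s in range(4)}},
    out={s: s & 1 for s in range(4)},
    high={'h'},
)


def demo(max_bound=10):
    """Run the bounded search on both constructed machines."""
    return bounded_search(LEAKY, max_bound), bounded_search(SECURE, max_bound)


if __name__ == '__main__':
    for verdict in demo():
        print(verdict)
```

For `LEAKY` the search reports the length-2 trace `('h', 'l')`: the single high action alone is unobservable, but the following low action reveals it, and no length-1 trace leaks. For `SECURE` the reachable pair space is exhausted at depth 3 without any output mismatch, so the verdict is a proof rather than a bound-limited non-result. In the paper's SAT-based setting the same per-bound queries become unrolled propositional formulas, and clauses learned while refuting bound k are reused at bound k+1.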
