Checking security properties by model checking

A method is proposed for checking security properties in programs written in high-level languages. The method is based on the model checking technique. The SMV tool is used. The representation of the program is a Kripke structure modelling the control flow graph enriched with security information. The properties considered are secure information flow and the absence of covert channels caused by program termination. The formulae expressing these security properties are given using the logic CTL. Copyright © 2003 John Wiley & Sons, Ltd.
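As an added illustration of the approach the abstract describes (this is not the paper's own SMV model or its encoding), the following Python builds a Kripke structure from a control-flow graph whose nodes carry security annotations and checks two CTL formulae with a small explicit-state checker: one forbidding explicit and implicit flows into Low variables, and one requiring that every program point controlled by a High guard inevitably reaches the end state, so that no High-guarded loop can leak through (non-)termination. The node attributes (pc_high, target_low, expr_high), the two formulae and the three sample programs are assumptions of this example.

```python
# Added example (not the paper's SMV encoding): a control-flow graph annotated with
# security information, viewed as a Kripke structure and checked against CTL formulae.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

@dataclass(frozen=True)
class Node:
    name: str
    kind: str                 # "assign", "branch", "skip" or "end"
    pc_high: bool = False     # execution of this node is controlled by a High guard
    target_low: bool = False  # assignment target is a Low variable
    expr_high: bool = False   # assigned expression reads a High variable

@dataclass
class Kripke:
    states: List[str]
    succ: Dict[str, Set[str]]
    labels: Dict[str, FrozenSet[str]]
    initial: str

def build_kripke(nodes: List[Node], edges: List[Tuple[str, str]], initial: str) -> Kripke:
    """CFG nodes -> states, CFG edges -> transitions, annotations -> atomic propositions."""
    succ: Dict[str, Set[str]] = {n.name: set() for n in nodes}
    for a, b in edges:
        succ[a].add(b)
    labels: Dict[str, FrozenSet[str]] = {}
    for n in nodes:
        props = set()
        if n.kind == "end":
            props.add("end")
            succ[n.name].add(n.name)  # self-loop keeps the transition relation total
        if n.pc_high:
            props.add("pc_high")
        if n.kind == "assign" and n.target_low:
            props.add("assign_low")
        if n.expr_high:
            props.add("expr_high")
        labels[n.name] = frozenset(props)
    return Kripke([n.name for n in nodes], succ, labels, initial)

# CTL formulae as nested tuples; AG and AF are derived from the EU / EG basis.
def ap(p): return ("ap", p)
def neg(f): return ("not", f)
def conj(f, g): return ("and", f, g)
def disj(f, g): return ("or", f, g)
def implies(f, g): return disj(neg(f), g)
def AG(f): return neg(("EU", ("true",), neg(f)))  # AG f == not EF not f
def AF(f): return neg(("EG", neg(f)))            # AF f == not EG not f

def sat(k: Kripke, f) -> Set[str]:
    """States of k satisfying f; EU is a least and EG a greatest fixpoint."""
    op = f[0]
    if op == "true":
        return set(k.states)
    if op == "ap":
        return {s for s in k.states if f[1] in k.labels[s]}
    if op == "not":
        return set(k.states) - sat(k, f[1])
    if op == "and":
        return sat(k, f[1]) & sat(k, f[2])
    if op == "or":
        return sat(k, f[1]) | sat(k, f[2])
    if op == "EU":  # grow backwards from the states satisfying the second operand
        a, res = sat(k, f[1]), sat(k, f[2])
        while True:
            new = {s for s in a - res if k.succ[s] & res}
            if not new:
                return res
            res |= new
    if op == "EG":  # drop states that have no successor inside the candidate set
        res = sat(k, f[1])
        while True:
            drop = {s for s in res if not (k.succ[s] & res)}
            if not drop:
                return res
            res -= drop
    raise ValueError(f"unknown operator {op}")

def holds(k: Kripke, f) -> bool:
    return k.initial in sat(k, f)

# Property 1: no Low assignment reads High data or runs under a High guard.
NO_ILLEGAL_FLOW = AG(neg(conj(ap("assign_low"), disj(ap("expr_high"), ap("pc_high")))))
# Property 2: from every High-guarded point termination is inevitable (no High-guarded loop).
NO_TERMINATION_CHANNEL = AG(implies(ap("pc_high"), AF(ap("end"))))

# Constructed sample programs; l is Low, h is High.
PROG_SECURE = build_kripke(  # l := 0; if h then h := h + 1; l := l + 1
    [Node("n1", "assign", target_low=True), Node("n2", "branch"),
     Node("n3", "assign", pc_high=True, expr_high=True),
     Node("n4", "assign", target_low=True), Node("n5", "end")],
    [("n1", "n2"), ("n2", "n3"), ("n2", "n4"), ("n3", "n4"), ("n4", "n5")], "n1")
PROG_IMPLICIT = build_kripke(  # if h then l := 1   (implicit flow h -> l)
    [Node("n1", "branch"), Node("n2", "assign", pc_high=True, target_low=True),
     Node("n3", "end")],
    [("n1", "n2"), ("n1", "n3"), ("n2", "n3")], "n1")
PROG_LOOP = build_kripke(  # while h do skip; l := 1   (termination depends on h)
    [Node("n1", "branch"), Node("n2", "skip", pc_high=True),
     Node("n3", "assign", target_low=True), Node("n4", "end")],
    [("n1", "n2"), ("n2", "n1"), ("n1", "n3"), ("n3", "n4")], "n1")
```

Running `holds(PROG_LOOP, NO_TERMINATION_CHANNEL)` returns False because the cycle n1 -> n2 -> n1 lies inside the High-guarded region, so `EG not end` is satisfiable there even though the program writes no High data into `l`; `PROG_IMPLICIT` passes the termination check but fails `NO_ILLEGAL_FLOW` on the Low assignment under a High guard. In SMV the same two properties would be written as `AG` / `AF` specifications over the labelled state machine, which is the shape of check the abstract describes.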
