Model-Driven Information Flow Security for Component-Based Systems

This paper proposes a formal framework for studying information flow security in component-based systems. The security policy is defined and verified from the early steps of system design. Two kinds of non-interference properties are formally introduced, and for both, sufficient conditions that ensure the property and simplify its automated verification are proposed. The verification is compositional: first locally, by checking the behavior of every atomic component, and then globally, by checking inter-component communication and coordination. The potential benefits are illustrated on a concrete case study on constructing secure heterogeneous distributed systems.
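The local-then-global scheme the abstract describes can be made concrete on a toy model. The following is an added illustration written for this page, not the paper's formalism or tool: it assumes a two-level lattice (LOW below HIGH), atomic components modelled as deterministic automata over labelled events, a trace-based non-interference property as the local check (purging HIGH events from any run must leave a run the component could also perform, so a LOW observer cannot tell whether HIGH events happened), and a simple architectural rule as the global check (no connector may carry information from a HIGH port into a LOW port). All component, port and event names are constructed for the example.

```python
"""Added illustration of compositional non-interference checking on a toy
component model. Not the paper's formalism; see the assumptions in the text."""

LOW, HIGH = "L", "H"
RANK = {LOW: 0, HIGH: 1}          # assumed two-level lattice, LOW < HIGH


class Component:
    """Deterministic automaton: trans maps (state, event) -> next state."""

    def __init__(self, name, init, labels, trans):
        self.name = name
        self.init = init
        self.labels = labels      # event -> LOW | HIGH
        self.trans = trans

    def traces(self, max_len):
        """All event sequences of length <= max_len the component can perform."""
        accepted = {()}
        frontier = {((), self.init)}
        for _ in range(max_len):
            grown = set()
            for trace, state in frontier:
                for (src, event), dst in self.trans.items():
                    if src == state:
                        grown.add((trace + (event,), dst))
            accepted |= {trace for trace, _ in grown}
            frontier = grown
        return accepted


def purge_high(trace, labels):
    """Drop HIGH events: what a LOW observer sees of the run."""
    return tuple(e for e in trace if labels[e] == LOW)


def locally_noninterfering(comp, max_len=4):
    """Local check on one atomic component, bounded to traces of length
    <= max_len. Returns the first counterexample trace, or None when every
    purged trace is itself a trace of the component (bounded trace-based
    non-interference)."""
    accepted = comp.traces(max_len)
    for trace in sorted(accepted, key=len):
        if purge_high(trace, comp.labels) not in accepted:
            return trace
    return None


def global_violations(connectors, port_levels):
    """Global check on the architecture: a connector (src, dst) violates the
    assumed rule when its source port outranks its sink port."""
    return [(src, dst) for src, dst in connectors
            if RANK[port_levels[src]] > RANK[port_levels[dst]]]


def verify_system(components, connectors, port_levels, max_len=4):
    """Compositional verification: every atomic component first, then the
    inter-component wiring. Returns (local_counterexamples, global_violations)."""
    local = {c.name: locally_noninterfering(c, max_len) for c in components}
    local = {name: ce for name, ce in local.items() if ce is not None}
    return local, global_violations(connectors, port_levels)


# Constructed sample system (illustrative only).
LABELS = {"h_in": HIGH, "l_tick": LOW}
# 'safe': the LOW tick is always enabled, so HIGH input is invisible to LOW.
SAFE = Component("safe", 0, LABELS, {(0, "h_in"): 0, (0, "l_tick"): 0})
# 'leaky': the LOW tick only becomes possible after a HIGH input arrived,
# so the timing of l_tick reveals h_in to a LOW observer.
LEAKY = Component("leaky", 0, LABELS,
                  {(0, "h_in"): 1, (1, "h_in"): 1, (1, "l_tick"): 1})
PORT_LEVELS = {"safe.l_tick": LOW, "vault.h_out": HIGH, "logger.l_in": LOW}
CONNECTORS = [("safe.l_tick", "logger.l_in"),   # LOW -> LOW: allowed
              ("vault.h_out", "logger.l_in")]   # HIGH -> LOW: violation

if __name__ == "__main__":
    print(verify_system([SAFE, LEAKY], CONNECTORS, PORT_LEVELS))
```

Running it reports the leaky component's counterexample run `("h_in", "l_tick")` (its LOW projection `("l_tick",)` is not a run the component can produce on its own) and the single HIGH-to-LOW connector. The bounded trace enumeration is only a demonstration of the property; a real checker would work on the automaton structure rather than unrolling runs.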