Modular Product Programs

Many interesting program properties like determinism or information flow security are hyperproperties, that is, they relate multiple executions of the same program. Hyperproperties can be verified using relational logics, but these logics require dedicated tool support and are difficult to automate. Alternatively, constructions such as self-composition represent multiple executions of a program by one product program, thereby reducing hyperproperties of the original program to trace properties of the product. However, existing constructions do not fully support procedure specifications, for instance, to derive the determinism of a caller from the determinism of a callee, making verification non-modular.
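The self-composition idea above, as an added illustration that is not the paper's own construction: two copies of a tiny state-transforming program are run on disjoint state copies, and the 2-run hyperproperties of noninterference and determinism are then checked as trace properties of that product over a small constructed finite domain (bounded enumeration, not deductive verification).

```python
from itertools import product as cartesian

# Added illustration, not the paper's construction: a program is a function
# from a state (dict) to a new state; self-composition runs two copies on
# disjoint state copies, turning a 2-run hyperproperty into a trace property.

def self_compose(prog):
    """Product program over the paired state (s1, s2)."""
    def product_prog(paired):
        s1, s2 = paired
        return prog(dict(s1)), prog(dict(s2))
    return product_prog

def all_states(domain):
    names = sorted(domain)
    return [dict(zip(names, v)) for v in cartesian(*(domain[n] for n in names))]

def noninterference_holds(prog, low_vars, domain):
    """Trace property of the product: input copies that agree on `low_vars`
    must yield output copies that agree on them (bounded check, not a proof)."""
    prod = self_compose(prog)
    for s1, s2 in cartesian(all_states(domain), repeat=2):
        if all(s1[v] == s2[v] for v in low_vars):
            o1, o2 = prod((s1, s2))
            if any(o1[v] != o2[v] for v in low_vars):
                return False
    return True

def determinism_holds(prog, domain):
    """Determinism as a 2-run property: equal input copies give equal outputs."""
    prod = self_compose(prog)
    return all(o1 == o2 for o1, o2 in (prod((s, s)) for s in all_states(domain)))

def secure_prog(s):   # low output depends only on low input
    s["low"] = 2 * s["low"] + 1
    return s

def leaky_prog(s):    # implicit flow: a branch on `high` writes `low`
    if s["high"] > 1:
        s["low"] = 0
    return s

_run_counter = 0
def nondet_prog(s):   # result depends on which run this is, not on the input
    global _run_counter
    _run_counter += 1
    s["low"] = _run_counter % 2
    return s

DOMAIN = {"low": [0, 1, 2], "high": [0, 1, 2, 3]}  # constructed finite domain
```

The product reduces each hyperproperty to a single-program check, but this version re-runs the callee body inline; the modularity problem the abstract raises is exactly that a procedure's relational specification is not reused here.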
