Static Analysis for the pi-Calculus with Applications to Security

Abstract

Control Flow Analysis is a static technique for predicting safe and computable approximations to the set of values that the objects of a program may assume during its execution. We present an analysis for the π-calculus that shows how names will be bound to actual channels at run time. The result of our analysis establishes a super-set of the set of channels to which a given name may be bound and of the set of channels that may be sent along a given channel. Besides a set of rules that permits one to validate a given solution, we also offer a constructive procedure that builds solutions in low polynomial time. Applications of our analysis include establishing two simple security properties of processes. One example is that P has no leaks: P offers communication to the external environment through public channels only and confines its secret channels within itself. The other example is connected to the no read-up/no write-down property of Bell and LaPadula: once processes are given levels of security clearance, we check that a process at a high level never sends channels to processes at a lower level.
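The channel-binding analysis and the two checks the abstract describes, as an added Python illustration that is not the paper's own formulation: it treats every name as its own channel (the paper's canonical names, sums and matching are omitted), computes the least (ρ, κ) solution by plain iteration, and states "no leaks" and "no write-down" in a simplified form of the paper's definitions.

```python
# Added illustration (not the paper's code): a simplified control flow
# analysis for a tiny pi-calculus fragment. rho maps a name to the channels
# it may be bound to; kappa maps a channel to the channels sent along it.
from collections import defaultdict

# Constructed process syntax (nested tuples):
#   ("nil",)  0   ("out", x, y, P)  x<y>.P   ("in", x, y, P)  x(y).P
#   ("new", a, P)  (nu a)P   ("par", P, Q)  P | Q   ("rep", P)  !P
def analyse(proc, free_names):
    rho = defaultdict(set)    # name    -> channels it may be bound to
    kappa = defaultdict(set)  # channel -> channels that may be sent along it
    for n in free_names:
        rho[n].add(n)
    def walk(p):              # one pass over p; True if some set grew
        changed = False
        if p[0] == "nil":
            return False
        if p[0] == "new":     # the restricted channel denotes itself
            if p[1] not in rho[p[1]]:
                rho[p[1]].add(p[1]); changed = True
            return walk(p[2]) or changed
        if p[0] == "out":     # each a that x may denote: rho(y) <= kappa(a)
            _, x, y, cont = p
            for a in list(rho[x]):
                if not rho[y] <= kappa[a]:
                    kappa[a] |= rho[y]; changed = True
            return walk(cont) or changed
        if p[0] == "in":      # each a that x may denote: kappa(a) <= rho(y)
            _, x, y, cont = p
            for a in list(rho[x]):
                if not kappa[a] <= rho[y]:
                    rho[y] |= kappa[a]; changed = True
            return walk(cont) or changed
        if p[0] == "par":
            left, right = walk(p[1]), walk(p[2])
            return left or right
        if p[0] == "rep":
            return walk(p[1])
        raise ValueError(p[0])
    while walk(proc):         # iterate to the least solution
        pass
    return dict(rho), dict(kappa)

def no_leaks(kappa, public, secret):
    """No secret channel may ever be sent along a public channel."""
    return not any(kappa.get(a, set()) & secret for a in public)

def no_write_down(kappa, level):
    """No channel is ever sent along a channel of strictly lower level."""
    return all(level[b] <= level[a] for a, sent in kappa.items() for b in sent)
```

The interesting case is an indirect leak: a secret channel received into a variable and then forwarded on a public channel is caught only because ρ tracks what that variable may be bound to at run time.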
