EAHyper: Satisfiability, Implication, and Equivalence Checking of Hyperproperties

We introduce EAHyper, the first tool for the automatic checking of satisfiability, implication, and equivalence of hyperproperties. Hyperproperties are system properties that relate multiple computation traces. A typical example is an information flow policy that compares the observations made by an external observer on execution traces that result from different values of a secret variable. EAHyper analyzes hyperproperties that are specified in HyperLTL, a recently introduced extension of linear-time temporal logic (LTL). HyperLTL uses trace variables and trace quantifiers to refer to multiple execution traces simultaneously. Applications of EAHyper include the automatic detection of specifications that are inconsistent or vacuously true, as well as the comparison of multiple formalizations of the same policy, such as different notions of observational determinism.
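As an added illustration (not EAHyper's own code and not the paper's exact formulas), the following Python checker evaluates two assumed, simplified formalizations of observational determinism as forall-forall hyperproperties over constructed finite traces of (input, output) bits, and decides implication between them by exploiting the fact that a forall-forall property holding on a trace set also holds on every subset:

```python
"""Finite-trace checker for forall-forall HyperLTL-style hyperproperties.
Added illustration, not EAHyper's code. Traces are constructed tuples of
(input_bit, output_bit) letters; the two observational-determinism bodies
below are assumed, simplified variants chosen for exposition."""
from itertools import product


def od_strict(pi, pi2):
    # in_pi[0] = in_pi2[0]  ->  G (out_pi = out_pi2)
    if pi[0][0] != pi2[0][0]:
        return True
    return all(o1 == o2 for (_, o1), (_, o2) in zip(pi, pi2))


def od_until_divergence(pi, pi2):
    # in_pi[0] = in_pi2[0]  ->  (out_pi = out_pi2) W (in_pi != in_pi2)
    if pi[0][0] != pi2[0][0]:
        return True
    for (i1, o1), (i2, o2) in zip(pi, pi2):
        if i1 != i2:
            return True   # inputs diverged: later outputs may differ
        if o1 != o2:
            return False  # outputs differ while inputs still agree
    return True


def holds(body, traces):
    """forall pi, pi2 in traces: body(pi, pi2)."""
    return all(body(a, b) for a, b in product(traces, repeat=2))


def implication_counterexample(phi, psi, length):
    """Search for a trace set that satisfies phi but violates psi, over all
    bit traces of the given length. A forall-forall property that holds on a
    set holds on each subset, so any counterexample set can be shrunk to the
    pair violating psi; checking all two-element sets is therefore complete.
    Returns the witnessing pair, or None if phi implies psi at this length."""
    letters = list(product((0, 1), repeat=2))      # (input, output)
    traces = list(product(letters, repeat=length))
    for a, b in product(traces, repeat=2):
        if holds(phi, (a, b)) and not holds(psi, (a, b)):
            return (a, b)
    return None


if __name__ == "__main__":
    print(implication_counterexample(od_strict, od_until_divergence, 2))
    print(implication_counterexample(od_until_divergence, od_strict, 2))
```

The first call returns None (the strict variant implies the weaker one), while the second returns a pair whose inputs agree initially, whose outputs agree until the inputs diverge, and whose outputs then differ, showing that the two formalizations are not equivalent.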
