Pedro R. D’Argenio scite author profile

Secure information flow by self-composition

Barthe

¹

,

D’Argenio

²

,

³

View full text Add to dashboard Cite

Information flow policies are confidentiality policies that control information leakage through program execution. A common means to enforce secure information flow is through information flow type systems. Although type systems are compositional and usually enjoy decidable type checking or inference, their extensibility is very poor: type systems need to be redefined and proven sound for each new single variation of security policy and programming language for which secure information flow verification is desired. In contrast, program logics offer a general mechanism to enforce a variety of safety policies, and for this reason are favored in Proof Carrying Code, a promising security architecture for mobile code. However, the encoding of information flow policies in program logics is not straightforward, because they refer to a relation between two program executions. The purpose of this paper is to investigate logical formulations of secure information flow based on the idea of self-composition, that reduces the problem of secure information flow of a program P to a safety property for a programP derived from P , by composing P with a renaming of itself. Self-composition enables the use of standard techniques for information flow policies verification, such as program logics and model checking, suitable in Proof Carrying Code infrastructures. We illustrate the applicability of self-composition in several settings, including different security policies such as non-interference and controlled forms of declassification, and programming languages such as an imperative language with parallel composition, a non-deterministic language, and finally a language with shared mutable data structures.

show abstract

Secure information flow by self-composition

Barthe¹,

D’Argenio²,

Rezk³

2011

Math. Struct. Comp. Sci.

View full text Add to dashboard Cite

Information flow policies are confidentiality policies that control information leakage through program execution. A common means to enforce secure information flow is through information flow type systems. Although type systems are compositional and usually enjoy decidable type checking or inference, their extensibility is very poor: type systems need to be redefined and proven sound for each new single variation of security policy and programming language for which secure information flow verification is desired. In contrast, program logics offer a general mechanism to enforce a variety of safety policies, and for this reason are favored in Proof Carrying Code, a promising security architecture for mobile code. However, the encoding of information flow policies in program logics is not straightforward, because they refer to a relation between two program executions. The purpose of this paper is to investigate logical formulations of secure information flow based on the idea of self-composition, that reduces the problem of secure information flow of a program P to a safety property for a programP derived from P , by composing P with a renaming of itself. Self-composition enables the use of standard techniques for information flow policies verification, such as program logics and model checking, suitable in Proof Carrying Code infrastructures. We illustrate the applicability of self-composition in several settings, including different security policies such as non-interference and controlled forms of declassification, and programming languages such as an imperative language with parallel composition, a non-deterministic language, and finally a language with shared mutable data structures.

show abstract

Testing timed automata

Springintveld

¹

,

Vaandrager

²

,

D’Argenio

³

2001

Theoretical Computer Science

View full text Add to dashboard Cite

Reachability Analysis of Probabilistic Systems by Successive Refinements

D’Argenio

¹

,

Jeannet

²

,

Jensen

³

et al. 2001

View full text Add to dashboard Cite

MODEST: A Compositional Modeling Formalism for Hard and Softly Timed Systems

Bohnenkamp

¹

,

D’Argenio

²

,

Hermanns

³

et al. 2006

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

This paper presents MODEST (MOdeling and DEscription language for Stochastic Timed systems), a formalism that is intended to support 1) the modular description of reactive systems' behavior while covering both 2) functional and 3) nonfunctional system aspects such as timing and quality-of-service constraints in a single specification. The language contains features such as simple and structured data types, structuring mechanisms like parallel composition and abstraction, means to control the granularity of assignments, exception handling, and nondeterministic and random branching and timing. MODEST can be viewed as an overarching notation for a wide spectrum of models, ranging from labeled transition systems to timed automata (and probabilistic variants thereof), as well as prominent stochastic processes such as (generalized semi-)Markov chains and decision processes. The paper describes the design rationales and details of the syntax and semantics.

show abstract

Pedro R. D’Argenio

Secure information flow by self-composition

Secure information flow by self-composition

Testing timed automata

Reachability Analysis of Probabilistic Systems by Successive Refinements

MODEST: A Compositional Modeling Formalism for Hard and Softly Timed Systems

Contact Info

Product

Resources

About