Integration of a security type system into a program logic

Hähnle, Reiner; Pan, Jing; Rümmer, Philipp; Walter, Dennis

doi:10.1016/j.tcs.2008.04.033

Cited by 13 publications

(15 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Indeed, Hähnle et al [18] recently presented an encoding of Hunt and Sands' type system in a formalism called dynamic logic with updates. The authors demonstrate how the expressiveness of logic complements the efficiency of type systems, and outline how the approach may be used to analyse exceptional behaviour.…”

Section: Discussionmentioning

confidence: 99%

“…Several approaches have been developed for verifying adherence to non-interference policies, including (conservative) static analyses phrased as type systems [37,32,29] or abstract interpretations [15,20], flow logics [13], specialpurpose program logics [3,2,6], and encodings in relational or dynamic program logics [9,18]. Self-composition [23,1,7,36] is a recent approach that avoids the consideration of two executions of C for ∼-related initial states.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Secure information flow and program logics

Beringer¹,

Hofmann²

2007

20th IEEE Computer Security Foundations Symposium (CSF'07)

View full text Add to dashboard Cite

We present interpretations of type systems for secure information flow in Hoare logic, complementing previous encodings in binary (e.g. relational) program logics. Treating base-line non-interference, multi-level security and flow sensitivity for a while language, we show how typing derivations may be used to automatically generate proofs in the program logic that certify the absence of illicit flows. In addition, we present proof rules for baseline non-interference for object-manipulating instructions, As a consequence, standard verification technology may be used for verifying that a concrete program satisfies the noninterference property. Our development is based on a formalisation of the encodings in Isabelle/HOL.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Secure information flow and program logics

Beringer¹,

Hofmann²

2007

20th IEEE Computer Security Foundations Symposium (CSF'07)

View full text Add to dashboard Cite

show abstract

“…McDermid and Shi [47] and Shaffer et al [61] focussed on identifying system vulnerabilities at the implementation level through static analysis techniques. A variety of other approaches captured information flow security requirements using various formalisms including state machines (e.g., [62]), Petri nets (e.g., [67]), process algebras (e.g., [15]), typing systems (e.g., [23], [30], [39], [69]), and axiom systems (e.g., [4], [59]). …”

Section: Information Flow Analysismentioning

confidence: 99%

Identifying Implicit Component Interactions in Distributed Cyber-Physical Systems

Jaskolka

Villasenor

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

Modern distributed systems and networks, like those found in cyber-physical system domains such as critical infrastructures, contain many complex interactions among their constituent software and/or hardware components. Despite extensive testing of individual components, security vulnerabilities resulting from unintended and unforeseen component interactions (so-called implicit interactions) often remain undetected. This paper presents a method for identifying the existence of implicit interactions in designs of distributed cyber-physical systems using the algebraic modeling framework known as Communicating Concurrent Kleene Algebra (C 2 KA). Experimental results verifying the applicability of C 2 KA for identifying dependencies in system designs that would otherwise be very hard to find are also presented. More broadly, this research aims to advance the specification, design, and implementation of distributed cyber-physical systems with improved cybersecurity assurance by providing a new way of thinking about the problem of implicit interactions through the application of formal methods.

show abstract

“…In particular, Beringer and Hofmann have explored a semantical notion of self-composition, that dispenses from reasoning on a self-composed program, and showed how to generate automatically formal proofs of non-interference from valid typing derivations in several information flow type systems, including flowsensitive type systems and type systems for fragments of Java. In a similar spirit, Hähnle et al (2007) encode the flow sensitive type system of Hunt and Sands (2006) into an extension of dynamic logic with updates.…”

Section: Related Workmentioning

confidence: 99%

Secure information flow by self-composition

Barthe¹,

D’Argenio²,

Rezk³

2011

Math. Struct. Comp. Sci.

176

215

View full text Add to dashboard Cite

Information flow policies are confidentiality policies that control information leakage through program execution. A common means to enforce secure information flow is through information flow type systems. Although type systems are compositional and usually enjoy decidable type checking or inference, their extensibility is very poor: type systems need to be redefined and proven sound for each new single variation of security policy and programming language for which secure information flow verification is desired. In contrast, program logics offer a general mechanism to enforce a variety of safety policies, and for this reason are favored in Proof Carrying Code, a promising security architecture for mobile code. However, the encoding of information flow policies in program logics is not straightforward, because they refer to a relation between two program executions. The purpose of this paper is to investigate logical formulations of secure information flow based on the idea of self-composition, that reduces the problem of secure information flow of a program P to a safety property for a programP derived from P , by composing P with a renaming of itself. Self-composition enables the use of standard techniques for information flow policies verification, such as program logics and model checking, suitable in Proof Carrying Code infrastructures. We illustrate the applicability of self-composition in several settings, including different security policies such as non-interference and controlled forms of declassification, and programming languages such as an imperative language with parallel composition, a non-deterministic language, and finally a language with shared mutable data structures.

show abstract

Integration of a security type system into a program logic

Cited by 13 publications

References 29 publications

Secure information flow and program logics

Secure information flow and program logics

Identifying Implicit Component Interactions in Distributed Cyber-Physical Systems

Secure information flow by self-composition

Contact Info

Product

Resources

About