Model checking security properties of control flow graphs

Besson, Frédéric; Jensen, Thomas; Métayer, Daniel Le; Thorn, Tommy

doi:10.3233/jcs-2001-9303

Cited by 57 publications

(76 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Perhaps the principal division between previous approaches to the enforcement of trace based program properties is between those systems that detect errors at run-time [26,22,31,7,6,1,13], vs. those that detect errors at compile-time [3,11,8,30]. Run-time approaches are more accurate since a compiletime analysis must conservatively approximate what events could occur; the compiletime analysis will also reject some safe programs, due to the need to be conservative.…”

Section: Compile-time Vs Run-time Verificationmentioning

confidence: 99%

“…Trace Specification Logics and Model Checking Some of the aforecited systems also automatically verify assertions at compile-time via model-checking, including [3,11,8], though none of these define a rigorous process for extracting an LTS from higherorder programs. In these works, the specifications are temporal logics, regular languages, or finite automata, and the abstract control flow is extracted as an LTS in the form of a finite automaton, grammar, or PDA.…”

Section: Compile-time Vs Run-time Verificationmentioning

confidence: 99%

“…[21,8] assume that some (undefined) algorithm has already converted a program to a control flow graph, expressed as a form of PDA.…”

Section: Compile-time Vs Run-time Verificationmentioning

confidence: 99%

“…The systems in [12,9,21,8] use LTSs extracted from control-flow graph abstractions to model-check program security properties expressed in temporal logic. Their approach is close in several respects, but we are primarily focused on the programming language as opposed to the model-checking side of the problem.…”

Section: Compile-time Vs Run-time Verificationmentioning

confidence: 99%

See 3 more Smart Citations

Types and trace effects of higher order programs

2007

View full text Add to dashboard Cite

Abstract. This paper shows how type effect systems can be combined with model-checking techniques to produce powerful, automatically verifiable program logics for higher order programs. The properties verified are based on the ordered sequence of events that occur during program execution, so called event traces. Our type and effect systems infer conservative approximations of the event traces arising at run-time, and model-checking techniques are used to verify logical properties of these histories. Our language model is based on the λ-calculus. Technical results include a type inference algorithm for a polymorphic type effect system, and a method for applying known model-checking techniques to the trace effects inferred by the type inference algorithm, allowing static enforcement of history-and stack-based security mechanisms. A type safety result is proven for both unification and subtyping constraint versions of the type system, ensuring that statically well-typed programs do not contain trace event checks that can fail at run-time.

show abstract

Section: Compile-time Vs Run-time Verificationmentioning

confidence: 99%

Section: Compile-time Vs Run-time Verificationmentioning

confidence: 99%

“…[21,8] assume that some (undefined) algorithm has already converted a program to a control flow graph, expressed as a form of PDA.…”

Section: Compile-time Vs Run-time Verificationmentioning

confidence: 99%

Section: Compile-time Vs Run-time Verificationmentioning

confidence: 99%

See 2 more Smart Citations

Types and trace effects of higher order programs

2007

View full text Add to dashboard Cite

show abstract

“…Most static analyses approximate stack inspection in terms of permissions [4,5,1,2,11]. Our proposed analysis is unique in that it compute success or fail information in terms of permission checks.…”

Section: Related Workmentioning

confidence: 99%

Visualization of Permission Checks in Java Using Static Analysis

Kim

Chang

Information Security Applications

View full text Add to dashboard Cite

Abstract. The security manager in Java 2 is a runtime access control mechanism. Whenever an access permission to critical resources is requested, the security manager inspects a call stack to examine whether the program has appropriate access permissions or not. This run-time permission check called stack inspection enforces access-control policies that associate access rights with the class that initiates the access. In this paper, we develop a visualization tool which helps programmers enforce security policy effectively into programs. It is based on the static permission check analysis which approximates permission checks statically which must succeed or fail at each method. Using the visualization system, programmers can modify programs and policy files if necessary, as they examine how permission checks and their stack inspection are performed. This process can be repeated until the security policy is enforced correctly.

show abstract

Formal Methods for Smartcard Security

Barthe

Dufay

2005

Foundations of Security Analysis and Design III

View full text Add to dashboard Cite

Abstract. Smartcards are trusted personal devices designed to store and process confidential data, and to act as secure tokens for providing access to applications and services. Smartcards are widely deployed and their usage spans over several application domains including banking, telecommunications, and identity.Open platform smartcards are new generation trusted personal devices with increased flexibility. Such devices, which benefit of increased connectivity and increased interoperability, can host several applets and allow new applets to be loaded post-issuance. Such an increased flexibility raises concerns about the possibility of logical attacks that could affect a very large number of devices, and requires the development of techniques and tools that can be used to increase the reliability of platforms and applications for trusted personal devices. The objective of this chapter is to describe some applications of formal methods to increase the reliability of smartcards and trusted personal devices.

show abstract

Model checking security properties of control flow graphs

Cited by 57 publications

References 39 publications

Types and trace effects of higher order programs

Types and trace effects of higher order programs

Visualization of Permission Checks in Java Using Static Analysis

Formal Methods for Smartcard Security

Contact Info

Product

Resources

About