A Theorem Proving Approach to Analysis of Secure Information Flow

Darvas, Ádám; Hähnle, Reiner; Sands, David

doi:10.1007/978-3-540-32004-3_20

Cited by 152 publications

(183 citation statements)

References 18 publications

Supporting

Mentioning

183

Contrasting

Order By: Relevance

“…Therefore, such an encoding is impractical for our purposes, since we aim to capture information flow policies without changing the verification logic every time that the security property needs to be adapted. More recently, Darvas, Hähnle, and Sands (2005) have shown how dynamic logic may be used to verify non-interference and some declassification policies of (sequential) Java programs. As in Andrews and Reitman's encoding, non-interference of a program P is captured by a formula over P -in this case a formula in dynamic logic.…”

Section: Introductionmentioning

confidence: 99%

Secure information flow by self-composition

Barthe¹,

D’Argenio²,

Rezk³

2011

Math. Struct. Comp. Sci.

165

214

View full text Add to dashboard Cite

Information flow policies are confidentiality policies that control information leakage through program execution. A common means to enforce secure information flow is through information flow type systems. Although type systems are compositional and usually enjoy decidable type checking or inference, their extensibility is very poor: type systems need to be redefined and proven sound for each new single variation of security policy and programming language for which secure information flow verification is desired. In contrast, program logics offer a general mechanism to enforce a variety of safety policies, and for this reason are favored in Proof Carrying Code, a promising security architecture for mobile code. However, the encoding of information flow policies in program logics is not straightforward, because they refer to a relation between two program executions. The purpose of this paper is to investigate logical formulations of secure information flow based on the idea of self-composition, that reduces the problem of secure information flow of a program P to a safety property for a programP derived from P , by composing P with a renaming of itself. Self-composition enables the use of standard techniques for information flow policies verification, such as program logics and model checking, suitable in Proof Carrying Code infrastructures. We illustrate the applicability of self-composition in several settings, including different security policies such as non-interference and controlled forms of declassification, and programming languages such as an imperative language with parallel composition, a non-deterministic language, and finally a language with shared mutable data structures.

show abstract

Section: Introductionmentioning

confidence: 99%

Secure information flow by self-composition

Barthe¹,

D’Argenio²,

Rezk³

2011

Math. Struct. Comp. Sci.

165

214

View full text Add to dashboard Cite

show abstract

“…This thesis discusses a method to encode the information flow property as a temporal logic property. To do this, we implement the idea of self-composition -a construction where a program is composed with its copy and each program copy keeps an independent memory [34,15]. Basically, we construct a program model that executes the program to be verified twice, in parallel with itself.…”

Section: Logic-based Verificationmentioning

confidence: 99%

“…Therefore, recent work on adopting techniques from model checking [16,34,48] is emerging as an alternative approach to gain better precision. This thesis develops different methods to verify our information flow properties by combining newly developed and existing model-checking algorithms.…”

Section: Introductionmentioning

confidence: 99%

“…Self-composition is a technique to transform the verification of information flow properties into a standard safety verification problem [15,34]. The basic idea is that we compose a program C with a copy, denoted C , i.e., we execute C and C in parallel, and consider C||C as a single program (called a selfcomposed program).…”

Section: Introductionmentioning

confidence: 99%

“…The basic idea is that we compose a program C with a copy, denoted C , i.e., we execute C and C in parallel, and consider C||C as a single program (called a selfcomposed program). Program C is a copy of C, but all variables are renamed to make them distinguishable from the variables in C [15,34]. In this composed model, the two programs C and C are still distinguished; and therefore, we can express the information flow property as a property over the execution traces of the self-composed program C||C .…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Qualitative and quantitative information flow analysis for multi-threaded programs

Ngo¹

View full text Add to dashboard Cite

Web Application Security—Past, Present, and Future

Huang

Lee

Computer Security in the 21st Century

View full text Add to dashboard Cite

Web application security remains a major roadblock to universal acceptance of the Web for many kinds of online transactions, especially since the recent sharp increase in remotely exploitable vulnerabilities has been attributed to Web application bugs. In software engineering, software testing is an established and well-researched process for improving software quality. Recently formal verification tools have also shown success in discovering vulnerabilities in C programs. In this chapter we shall discuss how to apply software testing and verification algorithms to Web applications and improve their security attributes. Two of the most common Web application vulnerabilities that are known to date are script injection, e.g., SQL injection, and cross-site scripting (XSS). We will formalize these vulnerabilities as problems related to information flow security-a conventional topic in security research. Using this formalization, we then present two tools, WAVES (Web Application Vulnerability and Error Scanner) and WebSSARI (Web Application Security via Static Analysis and Runtime Inspection), which respectively utilize software testing and verification to deal in particular with script injection and XSS and address in general the Web application security problems. Finally we will present some results obtained by applying these tools to real-world Web applications that are in use today, and give some suggestions about the future research direction in this area.

show abstract

A Theorem Proving Approach to Analysis of Secure Information Flow

Cited by 152 publications

References 18 publications

Secure information flow by self-composition

Secure information flow by self-composition

Qualitative and quantitative information flow analysis for multi-threaded programs

Web Application Security—Past, Present, and Future

Contact Info

Product

Resources

About