COVERN: A Logic for Compositional Verification of Information Flow Control

“…This construction applies to a broad range of security properties, including those specifiable in the HyperLTL logic [5]. When applied to automaton-based formulations of the non-interference and constant-time properties, the resulting proof rules are essentially identical to those developed in the literature in [7,8,17] for non-interference and in [3] for constant-time. Manna and Pnueli show in a beautiful paper [15] how to derive custom proof rules for deductive verification of a LTL property from an equivalent Büchi automaton; our constructions are inspired by this work.…”

“…We establish connections to known proof rules for preservation of the noninterference [7,8,17] and constant-time [3] properties. We show that under the assumptions of those rules, there is a simple and direct definition of a relation that meets the automaton-based refinement conditions for automata representing these properties.…”

“…Refinement-based proof rules for preservation of non-interference have been introduced in [7,8,17]. The rules are not identical but are substantially similar in nature, providing conditions under which an ordinary simulation relation, ≺, between programs C and S implies preservation of non-interference.…”

“…and How easy is it to generate and check witnesses for validity? Refinement proof systems are known only for two important security properties, non-interference [7,8,17] and constant-time execution [3].…”

Witnessing Secure Compilation

“…This construction applies to a broad range of security properties, including those specifiable in the HyperLTL logic [5]. When applied to automaton-based formulations of the non-interference and constant-time properties, the resulting proof rules are essentially identical to those developed in the literature in [7,8,17] for non-interference and in [3] for constant-time. Manna and Pnueli show in a beautiful paper [15] how to derive custom proof rules for deductive verification of a LTL property from an equivalent Büchi automaton; our constructions are inspired by this work.…”

“…We establish connections to known proof rules for preservation of the noninterference [7,8,17] and constant-time [3] properties. We show that under the assumptions of those rules, there is a simple and direct definition of a relation that meets the automaton-based refinement conditions for automata representing these properties.…”

“…Refinement-based proof rules for preservation of non-interference have been introduced in [7,8,17]. The rules are not identical but are substantially similar in nature, providing conditions under which an ordinary simulation relation, ≺, between programs C and S implies preservation of non-interference.…”

“…and How easy is it to generate and check witnesses for validity? Refinement proof systems are known only for two important security properties, non-interference [7,8,17] and constant-time execution [3].…”

Witnessing Secure Compilation

“…At the same time, recent work has heralded major advancements in program logics for reasoning about secure information flow [23,33,34]-i.e. whether programs properly protect their secrets-yielding the first general program logics and proofs of information flow security for non-trivial concurrent programs [34]. Yet so far, such logics have remained confined to interactive proof assistants, making them practically inaccessible to industrial developers.…”

SecCSL: Security Concurrent Separation Logic

Value-Dependent Information-Flow Security on Weak Memory Models