Model Checking Information Flow in Reactive Systems

Dimitrova, Rayna; Finkbeiner, Bernd; Kovács, Máté; Rabe, Markus N.; Seidl, Helmut

doi:10.1007/978-3-642-27940-9_12

Cited by 54 publications

(52 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While several verification techniques for hyperproperties exists [5,31,38,42], the literature was missing general approaches to quantitative information-flow control. SecLTL [25] was introduced as first general approach to model check (quantitative) hyperproperties, before HyperLTL [18], and its corresponding model checker [26], was introduced as a temporal logic for hyperproperties, which subsumes the previous approaches.…”

Section: Related Workmentioning

confidence: 99%

Model Checking Quantitative Hyperproperties

Finkbeiner

Hahn

Torfah

2018

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

Abstract. Hyperproperties are properties of sets of computation traces. In this paper, we study quantitative hyperproperties, which we define as hyperproperties that express a bound on the number of traces that may appear in a certain relation. For example, quantitative non-interference limits the amount of information about certain secret inputs that is leaked through the observable outputs of a system. Quantitative noninterference thus bounds the number of traces that have the same observable input but different observable output. We study quantitative hyperproperties in the setting of HyperLTL, a temporal logic for hyperproperties. We show that, while quantitative hyperproperties can be expressed in HyperLTL, the running time of the HyperLTL model checking algorithm is, depending on the type of property, exponential or even doubly exponential in the quantitative bound. We improve this complexity with a new model checking algorithm based on model-counting. The new algorithm needs only logarithmic space in the bound and therefore improves, depending on the property, exponentially or even doubly exponentially over the model checking algorithm of HyperLTL. In the worst case, the new algorithm needs polynomial space in the size of the system. Our Max#Sat-based prototype implementation demonstrates, however, that the counting approach is viable on systems with nontrivial quantitative information flow requirements such as a passcode checker.

show abstract

Section: Related Workmentioning

confidence: 99%

Model Checking Quantitative Hyperproperties

Finkbeiner

Hahn

Torfah

2018

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

show abstract

“…Recently, the "when" aspect of declassification has been included as first-class citizen in customized temporal logics [6,9], which can express aspects of our desired properties, e.g., "unless/until he becomes an author". Their work is focused on efficiently model-checking finite systems, whereas we are interested in verifying an infinite system.…”

Section: Relevant Literaturementioning

confidence: 99%

A Conference Management System with Verified Document Confidentiality

Kanav

Lammich

Popescu

2014

Computer Aided Verification

View full text Add to dashboard Cite

“…However, several model checking approaches, which were recently proposed [24,25], define fragments of logics for which verification is feasible. An interesting future direction would be to devise fragments of L KPLTL for which model checking has low complexity.…”

Section: Temporal Epistemic Logic With Pastmentioning

confidence: 99%

Secure IT Systems

Nielson¹,

Gollmann²

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Securing communication in large scale distributed systems is an open problem. When multiple principals exchange sensitive information over a network, security and privacy issues arise immediately. For instance, in an online auction system we may want to ensure that no bidder knows the bids of any other bidder before the auction is closed. Such systems are typically interactive/reactive and communication is mostly asynchronous, lossy or unordered. Language-based security provides language mechanisms for enforcing end-to-end security. However, with few exceptions, previous research has mainly focused on relational or synchronous models, which are generally not suitable for distributed systems. This paper proposes a general knowledge-based account of possibilistic security from a language perspective and shows how existing trace-based conditions fit in. A syntactic characterization of these conditions, given by an epistemic temporal logic, shows that existing model checking tools can be used to enforce security.

show abstract

Model Checking Information Flow in Reactive Systems

Cited by 54 publications

References 16 publications

Model Checking Quantitative Hyperproperties

Model Checking Quantitative Hyperproperties

A Conference Management System with Verified Document Confidentiality

Secure IT Systems

Contact Info

Product

Resources

About