A Theorem Proving Approach to Analysis of Secure Information Flow
Authors

Abstract
Most attempts at analysing secure information flow in programs are based on domain-specific logics. Though computationally feasible, these approaches suffer from the need for abstraction and the high cost of building dedicated tools for real programming languages. We recast the information flow problem in a general program logic rather than a problem-specific one. We investigate the feasibility of this approach by showing how a general purpose tool for software verification can be used to perform information flow analyses. We are able to prove security and insecurity of programs including advanced features such as method calls, loops, and object types for the target language Java Card. In addition, we can express declassification of information.
Related papers
A short introduction to two approaches in formal verification of security protocols: model checking and theorem proving
In this paper, we shortly review two formal approaches in verification of security protocols; model checking and theorem proving. Model checking is based on studying the behavior of protocols via generating all different behaviors of a protocol and checking whether the desired goals are satisfied in all instances or not. We investigate Scyther operational semantics as an example of this...
Combining Graph-Based and Deductive Information-Flow Analysis for Proving Non-Interference

Modern systems are getting more and more complex. This is especially crucial for security-critical systems, as with increasing complexity, also errors/bugs are more likely to occur. Information flow control (IFC) is a category of techniques for enforcing information flow properties and thus for ensuring that systems are secure. An approach that uses a combination of automatic and interactive tec...
A Theorem Proving Approach to Secure Information Flow in Concurrent Programs (Extended Abstract)

We present an approach to formally prove secure information flow in multi-threaded programs. We start with a precise formalization of noninterference in dynamic logic and then use the rely/guarantee approach to reduce this to thread-modular properties that can be checked locally. A sound and complete calculus ensures that these properties can be proven without false positives. Currently, we wo...
Theory for Software Verification