Proving Abstract Non-interference
Authors
Abstract
In this paper we introduce a compositional proof-system for certifying abstract non-interference in programming languages. Certifying abstract non-interference means proving that no unauthorized flow of information from confidential to public data is observable by the attacker. The properties of the computation that an attacker may observe are specified as an abstract domain. Assertions specify the secrecy of a program relative to the given attacker, and the proof-system specifies how these assertions can be composed in a syntax-directed, Hoare-style deduction of secrecy. We prove that the proof-system is sound with respect to the standard semantics of an imperative programming language. This provides a sound proof-system both for certifying secrecy in language-based security and for deriving, inductively on the program's syntax, attackers that do not violate secrecy.
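To make the "attacker as an abstract domain" idea concrete, the following is an added example (not code from the paper and not its proof-system): a brute-force checker for the narrow form of abstract non-interference on three constructed two-variable programs, where h is the confidential input and l the public one. An attacker is a function rho over the public output; rho = identity recovers ordinary non-interference, while parity and sign model weaker observers. The programs, the input ranges and the helper names are all assumptions made for the illustration.

```python
# Added illustration: checking (narrow) abstract non-interference by exhaustive
# enumeration over a finite input range. Constructed example, not the paper's
# proof-system. h is confidential, l is public; each program returns the final l.


def identity(n):
    """Attacker who sees the exact public value (standard non-interference)."""
    return n


def parity(n):
    """Abstract attacker who sees only whether the public value is even or odd."""
    return n % 2


def sign(n):
    """Abstract attacker who sees only the sign of the public value."""
    return (n > 0) - (n < 0)


def prog_add_twice_secret(h, l):
    """Constructed program:  l := l + 2 * h"""
    return l + 2 * h


def prog_scale_by_secret(h, l):
    """Constructed program:  l := l * (h * h + 1)"""
    return l * (h * h + 1)


def prog_multiply(h, l):
    """Constructed program:  l := l * h"""
    return l * h


def abstract_ni_violations(prog, rho, secrets, publics):
    """Counterexamples to narrow abstract non-interference: public inputs l for
    which varying the secret h changes what an attacker observing rho(l) sees.
    Each entry is (l, sorted list of distinct observations)."""
    violations = []
    for l in publics:
        observations = {rho(prog(h, l)) for h in secrets}
        if len(observations) > 1:
            violations.append((l, sorted(observations)))
    return violations


def is_abstract_ni(prog, rho, secrets=range(-5, 6), publics=range(-5, 6)):
    """True iff prog leaks nothing to an attacker modelled by rho (on the given ranges)."""
    return not abstract_ni_violations(prog, rho, secrets, publics)


if __name__ == "__main__":
    for prog in (prog_add_twice_secret, prog_scale_by_secret, prog_multiply):
        for rho in (identity, parity, sign):
            print(f"{prog.__name__:24s} {rho.__name__:8s} secure={is_abstract_ni(prog, rho)}")
```

All three programs violate ordinary non-interference, yet l := l + 2*h is secure against a parity-observing attacker and l := l * (h*h + 1) is secure against a sign-observing one; l := l * h leaks to both. Enumeration over a finite range is only a sanity check, which is exactly why the paper works with a proof-system rather than testing.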
Similar resources
Proving Reachability and Non-Interference in B
This paper proposes an approach to proving interference freedom for a reachability property of the form AG ψ ⇒ EF φ in a B specification. Such properties occur frequently in security policies and information systems. Reachability is proved by constructing, through stepwise algorithmic refinement, an abstract program that refines AG ψ ⇒ EF φ. We propose proof obligations to show non-interference, i.e., ...
Non-Interference and Erasure Policies for Java Card Bytecode
Non-interference is the property of a program not leaking any secret information. In this paper we propose a notion of non-interference for an abstract version of the Java Card bytecode language. Furthermore, an information-flow analysis for verifying non-interference is developed and proved sound and correct with respect to the formal semantics of the language. The information-flow analysis can...
Static Analysis of Non-interference in Expressive Low-Level Languages
Early work in implicit information flow detection applied only to flat, procedureless languages with structured control-flow (e.g., if statements, while loops). These techniques have yet to be adequately extended and generalized to expressive languages with interprocedural, exceptional and irregular control-flow behavior. We present an implicit information flow analysis suitable for languages w...
A Theorem Proving Approach to Secure Information Flow in Concurrent Programs (Extended Abstract)
We present an approach to formally prove secure information flow in multi-threaded programs. We start with a precise formalization of noninterference in dynamic logic and then use the rely/guarantee approach to reduce this to thread-modular properties, that can be checked locally. A sound and complete calculus ensures that these properties can be proven without false positives. Currently, we wo...
Generalized Abstract Non-interference: Abstract Secure Information-Flow Analysis for Automata
Roberto Giacobazzi and Isabella Mastroeni, Dipartimento di Informatica, Università di Verona, Italy. Abstract non-interference has been introduced as a weakening of non-interference which models attackers as abstract interpretations (i.e., static analyzers) of programming language semantics. In this...
Publication date: 2004