Verifying Information Flow Control over Unbounded Processes

Authors

  • William R. Harris
  • Nicholas Kidd
  • Sagar Chaki
  • Somesh Jha
  • Thomas W. Reps
Abstract

Decentralized Information Flow Control (DIFC) systems enable programmers to express a desired DIFC policy, and to have the policy enforced via a reference monitor that restricts interactions between system objects, such as processes and files. Current research on DIFC systems focuses on the reference-monitor implementation, and assumes that the desired DIFC policy is correctly specified. The focus of this paper is an automatic technique to verify that an application, plus its calls to DIFC primitives, does indeed correctly implement a desired policy. We present an abstraction that allows a model checker to reason soundly about DIFC programs that manipulate potentially unbounded sets of processes, principals, and communication channels. We implemented our approach and evaluated it on a set of real-world programs.
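The following is an added illustration, not code from the paper or from any DIFC system it evaluates. It models the split the abstract describes: a reference monitor that enforces label-based flow checks, an application that calls DIFC primitives (mint a tag, spawn a labelled process, create a file), and a policy that the application is supposed to implement. The label semantics (a secrecy label is a set of tags; data may flow from src to dst only if src's tags are a subset of dst's, as in Flume-style systems), the per-request worker scenario, the isolation policy, and all names (`Monitor`, `workers_isolated`, `workers_shared_tag`, `violations`, `first_failing_n`, the `tagN`, `workerN` and `scratchN` identifiers) are assumptions made for this example. The two `workers_*` functions are the "application plus its calls to DIFC primitives": one mints a fresh tag per worker, the other reuses one tag, and the monitor happily permits the resulting cross-worker flow even though every individual check it performs is correct.

```python
from itertools import count
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple

Label = FrozenSet[str]


class Monitor:
    """Flume-style reference monitor (assumed semantics, not the paper's model):
    every process and file carries a secrecy label, a set of tags. Data may
    flow from src to dst only if every tag on src is also on dst, so a tag
    held by exactly one process confines that process's data."""

    def __init__(self) -> None:
        self.labels: Dict[str, Label] = {}
        self._fresh = count()

    def create_tag(self) -> str:
        """DIFC primitive: mint a tag no other object carries yet."""
        return f"tag{next(self._fresh)}"

    def spawn(self, proc: str, label: Label = frozenset()) -> None:
        """DIFC primitive: start a process with the given secrecy label."""
        self.labels[proc] = frozenset(label)

    def create_file(self, proc: str, path: str) -> None:
        """A file created by proc inherits proc's secrecy label."""
        self.labels[path] = self.labels[proc]

    def can_flow(self, src: str, dst: str) -> bool:
        """The check the monitor applies to every read, write and send."""
        return self.labels[src] <= self.labels[dst]


def workers_isolated(mon: Monitor, n: int) -> None:
    """Intended application code: each request worker mints its own tag."""
    for i in range(n):
        t = mon.create_tag()
        mon.spawn(f"worker{i}", frozenset({t}))
        mon.create_file(f"worker{i}", f"scratch{i}")


def workers_shared_tag(mon: Monitor, n: int) -> None:
    """Buggy application code: one tag minted once and reused for every worker."""
    t = mon.create_tag()
    for i in range(n):
        mon.spawn(f"worker{i}", frozenset({t}))
        mon.create_file(f"worker{i}", f"scratch{i}")


def violations(setup: Callable[[Monitor, int], None], n: int) -> List[Tuple[str, str]]:
    """Policy (assumed): no worker may read another worker's scratch file.
    Runs the application against a fresh monitor with n workers and returns
    every (file, reader) pair the monitor would permit in violation of it."""
    mon = Monitor()
    setup(mon, n)
    return [(f"scratch{i}", f"worker{j}")
            for i in range(n) for j in range(n)
            if i != j and mon.can_flow(f"scratch{i}", f"worker{j}")]


def first_failing_n(setup: Callable[[Monitor, int], None], max_n: int) -> Optional[int]:
    """Bounded check: smallest worker count up to max_n with a violation, if any."""
    for n in range(1, max_n + 1):
        if violations(setup, n):
            return n
    return None


if __name__ == "__main__":
    print(first_failing_n(workers_isolated, 8))    # None: isolated for up to 8 workers
    print(first_failing_n(workers_shared_tag, 8))  # 2: two workers already share data
```

Note what `first_failing_n` does and does not establish: it exhausts instances with at most `max_n` workers and says nothing about a server that keeps spawning workers beyond that bound. Reasoning soundly about that unbounded case, where the number of processes, tags and channels grows without limit, is exactly the gap the abstraction described in the abstract is meant to close.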


Similar sources

Verifying Information Flow Over Unbounded Processes

Distributed Information Flow Control (DIFC) systems enable programmers to express desired information-flow policies, and enforce the policies via a reference monitor that restricts interactions between system objects, such as processes and files. Current research on DIFC systems focuses on the reference-monitor implementation, and assumes that the application correctly enforces the desired info...


Calculated Secure Processes

This paper introduces a versatile operator for modifying CSP processes to satisfy particular information flow security requirements. We present and justify an algebraic semantics for this operator, which allows us to derive secure processes from (potentially) insecure processes in a calculational style. Moreover, the operator simplifies the task of verifying the security of processes.


Using Flow Specifications of Parameterized Cache Coherence Protocols for Verifying Deadlock Freedom

We consider the problem of verifying deadlock freedom for symmetric cache coherence protocols. While there are multiple definitions of deadlock in the literature, we focus on a specific form of deadlock which is useful for the cache coherence protocol domain and consistent with the internal definition of deadlock in the Murphi model checker: we refer to this deadlock as a systemwide deadlock (s...


Linear Control Systems on Unbounded Time Intervals and Invariant Measures of Ornstein--Uhlenbeck Processes in Hilbert Spaces

We consider linear control systems in a Hilbert space over an unbounded time interval of the form $y'_\alpha(t) = (A - \alpha I)\,y_\alpha(t) + B u(t)$, $t \in (-\infty, T]$, with bounded control operator $B$, under appropriate stability assumptions on the operator $A$. We study how the space of states reachable at time $T$ depends on the parameter $\alpha \ge 0$. We apply the results to study the dependence on $\alpha$ of the Cameron–Martin space...


The BNAI Analyzer: A Tool for Verifying Admissible Information Flow in Protocols

We present a tool for verifying a new security property of protocols namely bisimulation-based non-deterministic admissible interference or BNAI. This property specifies the absence of information flow from confidential channels to public ones in selected parts of the protocol’s execution. The tool’s first version applies to protocols described by finite-state communicating processes and output...




Publication date: 2009