Detecting illegal information flow using abstract interpretation and model checking
Authors
Abstract
This paper describes the status of a joint project between Gemplus and ONERA. It presents an approach enabling a smart card issuer to verify that a new applet securely interacts with already loaded applets. A security policy has been defined that associates levels with applet attributes and methods and defines the authorized flows between levels. We propose a technique based on model checking to verify that the actual information flows between applets are authorized. In this paper, we focus on the development of a prototype analyzer.
Similar resources
Checking secure information flow in Java bytecode by code transformation and standard bytecode verification
A method is presented for checking secure information flow in Java bytecode, assuming a multilevel security policy that assigns security levels to the objects. The method exploits the type-level abstract interpretation of standard bytecode verification to detect illegal information flows. We define an algorithm transforming the original code into another code in such a way that a typing error d...
Information flow security in tree-manipulating processes
This work describes methods to verify information flow properties of processes manipulating tree-structured data. The developed techniques can be applied, e.g., to enterprise workflows and web service technologies, where data is frequently represented in the form of XML documents. These systems are highly security critical, because they may be in control of important processes of organizations,...
Towards Automatic Stability Analysis for Rely-Guarantee Proofs
The Rely-Guarantee approach is a well-known compositional method for proving Hoare logic properties of concurrent programs. In this approach, predicates in the proof must be proved invariant (or stable) under interference from the environment. We describe a framework, and a prototype implementation, for automatically detecting and repairing instability in such proofs. The method uses a combinat...
Program Analysis as Model Checking of Abstract Interpretations
David Schmidt (Kansas State University, USA), Bernhard Steffen (Universität Dortmund, Germany). Abstract: This paper presents a collection of techniques, a methodology, in which abstract interpretation, flow analysis, and model checking are employed in the representation, abstraction, and analysis of programs. The methodology shows the areas of intersection of the different techniques a...
JCSI: A tool for checking secure information flow in Java Card applications
This paper describes a tool for checking secure information flow in Java Card applications. The tool performs a static analysis of Java Card CAP files and includes a CAP viewer. The analysis is based on the theory of abstract interpretation and on a multi-level security policy assignment. Actual values of variables are abstracted into security levels, and bytecode instructions are executed over...