
Model checking the observational determinism security property using PROMELA and SPIN

Original Article, Formal Aspects of Computing

Abstract

Observational determinism is a property that ensures confidentiality in concurrent programs. It states that the values of public variables are independent of both the private variables and the thread scheduling policy during program execution. Different definitions of observational determinism have been proposed. However, observational determinism is not a standard property: it must be checked over two or more executions of a program. The self-composition approach allows two copies of a program to be compared using a single formula. In this paper, we propose a new specification of the observational determinism security property in linear temporal logic. We also present a general method for creating the appropriate program model using the self-composition approach. Both the program model and the observational determinism property are encoded as embedded C code in PROMELA and checked with the SPIN model checker. The paper also discusses a method for instrumenting PROMELA code in order to encode the program model for specifying the observational determinism security property.
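The following is an added illustration of the self-composition idea described in the abstract; it is not the paper's model, LTL formula or embedded-C encoding. It self-composes a constructed two-thread program in plain PROMELA: copy 1 and copy 2 get identical public input and arbitrary private inputs, a single scheduler advances the same thread in both copies at each step (a lockstep simplification assumed here), and the LTL claim asks that the public variables of the two copies never differ.

```promela
/* Constructed illustration (not the paper's model): self-composition of a
   two-thread program in PROMELA, checked for observational determinism
   under lockstep scheduling of the two copies. */
#define LEAK 1          /* 1: thread B copies the secret to low (insecure); 0: secure */

byte high1, high2;      /* private input of copy 1 and copy 2 */
byte low1,  low2;       /* public, attacker-observable variable of each copy */
byte pcA = 0, pcB = 0;  /* program counters of threads A and B, shared by both copies */
byte tmp1, tmp2;        /* thread-local scratch of thread B in each copy */

/* One statement of thread A, applied to copy 1 and copy 2 together. */
inline stepA() {
  if
  :: pcA == 0 -> low1 = 1; low2 = 1; pcA = 1          /* A: low := 1 */
  fi
}

/* One statement of thread B, applied to copy 1 and copy 2 together. */
inline stepB() {
  if
  :: pcB == 0 -> tmp1 = high1 + 1; tmp2 = high2 + 1; pcB = 1   /* B: tmp := high + 1 */
  :: pcB == 1 ->
#if LEAK
      low1 = tmp1; low2 = tmp2;                        /* B: low := tmp (leaks high) */
#else
      skip;                                            /* B: no write to public state */
#endif
      pcB = 2
  fi
}

active proctype scheduler() {
  /* arbitrary, possibly different, private inputs; identical public inputs */
  if :: high1 = 0 :: high1 = 1 fi;
  if :: high2 = 0 :: high2 = 1 fi;
  low1 = 0; low2 = 0;
  /* nondeterministically pick the next thread; both copies take the same step */
  do
  :: pcA < 1 -> atomic { stepA() }
  :: pcB < 2 -> atomic { stepB() }
  :: pcA == 1 && pcB == 2 -> break
  od
}

/* Observational determinism under lockstep scheduling: the public variables of
   the two copies agree in every state. With LEAK=1 SPIN reports a counterexample
   (high1 != high2 propagates into low1 != low2); with LEAK=0 the claim holds. */
ltl od { [] (low1 == low2) }
```

Run with `spin -a od.pml && gcc -o pan pan.c && ./pan -a` and inspect the trail with `spin -t -p od.pml` when a violation is reported.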



Author information

Correspondence to Mohammad Abdollahi Azgomi.

Additional information

Communicated by Jin Song Dong


About this article


Cite this article

Dabaghchian, M., Abdollahi Azgomi, M. Model checking the observational determinism security property using PROMELA and SPIN. Form Asp Comp 27, 789–804 (2015). https://doi.org/10.1007/s00165-014-0331-x


  • DOI: https://doi.org/10.1007/s00165-014-0331-x
