Abstract
Observational determinism is a property that ensures confidentiality in concurrent programs. It requires that the values of public variables be independent of the private variables and of the thread scheduling policy throughout program execution. Several definitions of observational determinism have been proposed. Observational determinism, however, is not a standard property: it must be checked over two or more executions of a program. The self-composition approach makes it possible to compare two copies of a program using a single formula. In this paper, we propose a new specification of the observational determinism security property in linear temporal logic. We also present a general method for constructing the appropriate program model using the self-composition approach. Both the program model and the observational determinism property are encoded as embedded C code in PROMELA and verified with the SPIN model checker. The paper also discusses a method for instrumenting PROMELA code so as to encode the program model for specifying the observational determinism security property.
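The self-composition idea in the abstract, as an added illustration that is not the paper's own encoding: two copies of a small two-thread program share one PROMELA model, and a simplified LTL claim (final low states agree, rather than the full trace-based definition the paper specifies) is checked over the composed state. The thread bodies, the `LEAK` switch and the variable names are constructed for this example.

```promela
/* Constructed example: self-composition of a two-thread program.
   Copy 1 runs on high input h1, copy 2 on h2; both copies start
   from the same (zero) low state, as self-composition requires. */

bit  h1, h2;                 /* private (high) inputs, one per copy */
byte la1, lb1, la2, lb2;     /* public (low) variables, one set per copy */
byte done1, done2;           /* number of finished threads in each copy */

/* LEAK = 1 makes thread A's low write depend on the high input
   (insecure program); LEAK = 0 gives the secure variant. */
#define LEAK 1

inline threadA(h, la, done) {
  if
  :: LEAK && h -> la = 1
  :: else      -> la = 0
  fi;
  done++
}
inline threadB(lb, done) { lb = 2; done++ }

/* Two copies of the same program, distinguished only by their variables */
proctype A1() { threadA(h1, la1, done1) }
proctype B1() { threadB(lb1, done1) }
proctype A2() { threadA(h2, la2, done2) }
proctype B2() { threadB(lb2, done2) }

init {
  /* high inputs are chosen independently, so the model covers every
     pair of low-equivalent initial states */
  if :: h1 = 0 :: h1 = 1 fi;
  if :: h2 = 0 :: h2 = 1 fi;
  atomic { run A1(); run B1(); run A2(); run B2() }
}

/* Simplified observational determinism over the self-composed model:
   whenever both copies have terminated, their low states agree.
   With LEAK = 1 SPIN finds a counterexample (h1 != h2 gives la1 != la2);
   with LEAK = 0 the claim holds. */
ltl od { [] ((done1 == 2 && done2 == 2) -> (la1 == la2 && lb1 == lb2)) }
```

Run with `spin -a model.pml && gcc -o pan pan.c && ./pan -a -N od`; the claim only compares final states, so a scheduling-dependent intermediate leak would need the trace-based encoding the paper describes.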
Communicated by Jin Song Dong
Cite this article
Dabaghchian, M., Abdollahi Azgomi, M. Model checking the observational determinism security property using PROMELA and SPIN. Form Asp Comp 27, 789–804 (2015). https://doi.org/10.1007/s00165-014-0331-x