
Specification and Checking of Software Contracts for Conditional Information Flow

  • Conference paper
FM 2008: Formal Methods (FM 2008)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 5014)

Abstract

Information assurance applications providing Multi-Level Secure (MLS) solutions must often implement information flow policies that are conditional in the sense that data is allowed to flow between system components only when the system satisfies certain state predicates. However, existing specification and verification environments, such as SPARK, used to develop such applications, are capable of capturing only unconditional information flows. Motivated by the need to better formally specify and certify MLS applications in industrial contexts, we present an enhancement of the SPARK system that enables specification, inference, and compositional checking of conditional information flow contracts. We report on the use of this framework for a collection of SPARK examples.

This work was supported in part by the US National Science Foundation (NSF) awards 0454348, 0429141, and CAREER award 0644288, the US Air Force Office of Scientific Research (AFOSR), and Rockwell Collins. The authors gratefully acknowledge insightful comments from Matt Benke at the US Department of Defense, and the assistance of Rod Chapman and Trevor Jennings of Praxis High Integrity Systems in obtaining SPARK examples and running the SPARK tools.




Editor information

Jorge Cuellar, Tom Maibaum, Kaisa Sere


Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Amtoft, T., Hatcliff, J., Rodríguez, E., Robby, Hoag, J., Greve, D. (2008). Specification and Checking of Software Contracts for Conditional Information Flow. In: Cuellar, J., Maibaum, T., Sere, K. (eds) FM 2008: Formal Methods. FM 2008. Lecture Notes in Computer Science, vol 5014. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68237-0_17


  • DOI: https://doi.org/10.1007/978-3-540-68237-0_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68235-6

  • Online ISBN: 978-3-540-68237-0

  • eBook Packages: Computer Science (R0)
