FM 2008: Formal Methods

Volume 5014 of the series Lecture Notes in Computer Science pp 229-245

Specification and Checking of Software Contracts for Conditional Information Flow

  • Torben AmtoftAffiliated withKansas State University Manhattan
  • , John HatcliffAffiliated withKansas State University Manhattan
  • , Edwin RodríguezAffiliated withKansas State University Manhattan
  • , RobbyAffiliated withKansas State University Manhattan
  • , Jonathan HoagAffiliated withKansas State University Manhattan
  • , David GreveAffiliated withRockwell Collins Cedar Rapids, IA

* Final gross prices may vary according to local VAT.

Get Access


Information assurance applications providing Multi-Level Secure (MLS) solutions must often implement information flow policies that are conditional in the sense that data is allowed to flow between system components only when the system satisfies certain state predicates. However, existing specification and verification environments, such as SPARK, used to develop such applications, are capable of capturing only unconditional information flows. Motivated by the need to better formally specify and certify MLS applications in industrial contexts, we present an enhancement of the SPARK system that enables specification, inference, and compositional checking of conditional information flow contracts. We report on the use of this framework for a collection of SPARK examples.