Specification and Checking of Software Contracts for Conditional Information Flow

  • Torben Amtoft
  • John Hatcliff
  • Edwin Rodríguez
  • Robby
  • Jonathan Hoag
  • David Greve
Conference paper

DOI: 10.1007/978-3-540-68237-0_17

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5014)
Cite this paper as:
Amtoft T., Hatcliff J., Rodríguez E., Robby, Hoag J., Greve D. (2008) Specification and Checking of Software Contracts for Conditional Information Flow. In: Cuellar J., Maibaum T., Sere K. (eds) FM 2008: Formal Methods. FM 2008. Lecture Notes in Computer Science, vol 5014. Springer, Berlin, Heidelberg

Abstract

Information assurance applications providing Multi-Level Secure (MLS) solutions must often implement information flow policies that are conditional in the sense that data is allowed to flow between system components only when the system satisfies certain state predicates. However, existing specification and verification environments, such as SPARK, used to develop such applications, are capable of capturing only unconditional information flows. Motivated by the need to better formally specify and certify MLS applications in industrial contexts, we present an enhancement of the SPARK system that enables specification, inference, and compositional checking of conditional information flow contracts. We report on the use of this framework for a collection of SPARK examples.


Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Torben Amtoft (1)
  • John Hatcliff (1)
  • Edwin Rodríguez (1)
  • Robby (1)
  • Jonathan Hoag (1)
  • David Greve (2)

  1. Kansas State University, Manhattan, USA
  2. Rockwell Collins, Cedar Rapids, IA, USA