Skip to main content
SpringerLink
Log in

Scheduler-Specific Confidentiality for Multi-threaded Programs and Its Logic-Based Verification

  • Conference paper
Formal Verification of Object-Oriented Software (FoVeOOS 2011)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 7421))

Abstract

Observational determinism has been proposed in the literature as a way to ensure confidentiality for multi-threaded programs. Intuitively, a program is observationally deterministic if the behavior of the public variables is deterministic, i.e., independent of the private variables and the scheduling policy. Several formal definitions of observational determinism exist, but all of them have shortcomings; for example they accept insecure programs or they reject too many innocuous programs. Besides, the role of schedulers was ignored in all the proposed definitions. A program that is secure under one kind of scheduler might not be secure when executed with a different scheduler. The existing definitions do not always ensure that an accepted program behaves securely under the scheduler that is used to execute the program.

Therefore, this paper proposes a new formalization of scheduler-specific observational determinism. It accepts programs that are secure when executed under a specific scheduler. Moreover, it is less restrictive on harmless programs under a particular scheduling policy. We discuss the properties of our definition and argue why it better approximates the intuitive understanding of observational determinism. In addition, we also discuss how compliance with our definition can be verified, using model-checking.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 49.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Barthe, G., D’Argenio, P., Rezk, T.: Secure information flow by self-composition. In: Foccardi, R. (ed.) Computer Security Foundations Workshop, pp. 100–114. IEEE Press (2004)

    Google Scholar 

  2. Barthe, G., Prensa Nieto, L.: Formally verifying information flow type systems for concurrent and thread systems. In: Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, FMSE 2004, pp. 13–22. ACM (2004)

    Google Scholar 

  3. Darvas, Á., Hähnle, R., Sands, D.: A Theorem Proving Approach to Analysis of Secure Information Flow. In: Hutter, D., Ullmann, M. (eds.) SPC 2005. LNCS, vol. 3450, pp. 193–209. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  4. Huisman, M., Blondeel, H.-C.: Model-Checking Secure Information Flow for Multi-threaded Programs. In: Mödersheim, S., Palamidessi, C. (eds.) TOSCA 2011. LNCS, vol. 6993, pp. 148–165. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  5. Huisman, M., Ngo, T.M.: Scheduler-specific confidentiality for multi-threaded programs and its logic-based verification. Technical Report TR-CTIT-11-22, CTIT, University of Twente, Netherlands (2011)

    Google Scholar 

  6. Huisman, M., Worah, P., Sunesen, K.: A temporal logic characterization of observation determinism. In: Computer Security Foundations Workshop. IEEE Computer Society (2006)

    Google Scholar 

  7. Huth, M., Ryan, M.: Logic in computer science: modeling and reasoning about the system, 2nd edn. Cambridge University Press (2004)

    Google Scholar 

  8. Parma, A., Segala, R.: Logical Characterizations of Bisimulations for Discrete Probabilistic Systems. In: Seidl, H. (ed.) FOSSACS 2007. LNCS, vol. 4423, pp. 287–301. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  9. Peled, D., Wilke, T.: Stutter-invariant temporal properties are expressible without the next-time operator. Inf. Processing Letters 63, 243–246 (1997)

    Article  MathSciNet  Google Scholar 

  10. Roscoe, A.W.: Csp and determinism in security modeling. In: IEEE Symposium on Security and Privacy, p. 114. IEEE Computer Society (1995)

    Google Scholar 

  11. Russo, A., Sabelfeld, A.: Security interaction between threads and the scheduler. In: Computer Security Foundations Symposium, pp. 177–189 (2006)

    Google Scholar 

  12. Sabelfeld, A., Myers, A.: Language-based information flow security. IEEE Journal on Selected Areas in Communications 21, 5–19 (2003)

    Article  Google Scholar 

  13. Terauchi, T.: A type system for observational determinism. In: Computer Science Foundations (2008)

    Google Scholar 

  14. Zdancewic, S., Myers, A.C.: Observational determinism for concurrent program security. In: Computer Security Foundations Workshop, pp. 29–43. IEEE Press (June 2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Twente, Netherlands

    Marieke Huisman & Tri Minh Ngo

Authors
  1. Marieke Huisman
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tri Minh Ngo
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute for Theoretical Informatics, Karlsruhe Institute of Technology, Am Fasanengarten 5, 76131, Karlsruhe, Germany

    Bernhard Beckert

  2. Dipartimento di Informatica, Università di Torino, Italy

    Ferruccio Damiani

  3. Royal Institute of Technology, Stockholm, Sweden

    Dilian Gurov

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Huisman, M., Ngo, T.M. (2012). Scheduler-Specific Confidentiality for Multi-threaded Programs and Its Logic-Based Verification. In: Beckert, B., Damiani, F., Gurov, D. (eds) Formal Verification of Object-Oriented Software. FoVeOOS 2011. Lecture Notes in Computer Science, vol 7421. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31762-0_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-31762-0_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31761-3

  • Online ISBN: 978-3-642-31762-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation