Advertisement

Secure Information Flow as a Safety Problem

  • Tachio Terauchi
  • Alex Aiken
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3672)

Abstract

The termination insensitive secure information flow problem can be reduced to solving a safety problem via a simple program transformation. Barthe, D’Argenio, and Rezk coined the term “self-composition” to describe this reduction. This paper generalizes the self-compositional approach with a form of information downgrading recently proposed by Li and Zdancewic. We also identify a problem with applying the self-compositional approach in practice, and we present a solution to this problem that makes use of more traditional type-based approaches. The result is a framework that combines the best of both worlds, i.e., better than traditional type-based approaches and better than the self-compositional approach.

Keywords

Model Check Type System Secure Information Security Policy Safety Analysis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Selected Areas in Communications 21, 5–19 (2003)CrossRefGoogle Scholar
  2. 2.
    McLean, J.: A general theory of composition for trace sets closed under selective interleaving functions. In: SP 1994: Proceedings of the 1994 IEEE Symposium on Security and Privacy, Washington, DC, USA, p. 79. IEEE Computer Society, Los Alamitos (1994)Google Scholar
  3. 3.
    Darvas, Á., Hähnle, R., Sands, D.: A theorem proving approach to analysis of secure information flow. In: Gorrieri, R. (ed.) Workshop on Issues in the Theory of Security, WITS, IFIP WG 1.7, ACM SIGPLAN and GI FoMSESS (2003)Google Scholar
  4. 4.
    Barthe, G., D’Argenio, P., Rezk, T.: Secure information flow by self-composition. In: Computer Security Fundation Workshop (CSFW 17). IEEE Press, Los Alamitos (2004)Google Scholar
  5. 5.
    Ball, T., Rajamani, S.K.: The SLAM project: debugging system software via static analysis. In: Proceedings of the 29th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Portland, Oregon, pp. 1–3 (2002)Google Scholar
  6. 6.
    Henzinger, T.A., Jhala, R., Majumdar, R., Sutre, G.: Lazy abstraction. In: Proceedings of the 29th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Portland, Oregon, pp. 58–70 (2002)Google Scholar
  7. 7.
    Ball, T., Podelski, A., Rajamani, S.K.: Relative completeness of abstraction refinement for software model checking. In: Katoen, J.-P., Stevens, P. (eds.) TACAS 2002. LNCS, vol. 2280, pp. 158–172. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Podelski, A., Rybalchenko, A.: Transition predicate abstraction and fair termination. In: Proceedings of the 32nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Long Beach, California, pp. 132–144 (2005)Google Scholar
  9. 9.
    Li, P., Zdancewic, S.: Downgrading policies and relaxed noninterference. In: Proceedings of the 32nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Long Beach, California, pp. 158–170 (2005)Google Scholar
  10. 10.
    Zdancewic, S., Myers, A.C.: Robust declassification. In: CSFW 2001: Proceedings of the 14th IEEE Workshop on Computer Security Foundations, pp. 15–23. IEEE Computer Society, Los Alamitos (2001)CrossRefGoogle Scholar
  11. 11.
    Sabelfeld, A., Myers, A.C.: A model for delimited information release. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds.) ISSS 2003. LNCS, vol. 3233, pp. 174–191. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Giacobazzi, R., Mastroeni, I.: Abstract non-interference: parameterizing non-interference by abstract interpretation. In: Proceedings of the 31st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Venice, Italy, pp. 186–197 (2004)Google Scholar
  13. 13.
    Terauchi, T., Aiken, A.: Secure information flow as a safety problem. University of California, Berkeley UCB//CSD-05-1396 (Technical report)Google Scholar
  14. 14.
    Volpano, D., Smith, G.: A type-based approach to program security. In: Bidoit, M., Dauchet, M. (eds.) CAAP 1997, FASE 1997, and TAPSOFT 1997. LNCS, vol. 1214, pp. 607–621. Springer, Heidelberg (1997)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Tachio Terauchi
    • 1
  • Alex Aiken
    • 2
  1. 1.EECS DepartmentUniversity of CaliforniaBerkeley
  2. 2.Computer Science DepartmentStanford University 

Personalised recommendations