Generalized Abstract Non-interference: Abstract Secure Information-Flow Analysis for Automata
Abstract non-interference has been introduced as a weakening of non-interference which models attackers as abstract interpretations (i.e., static analyzers) of programming language semantics. In this paper we generalize the notion of abstract non-interference to deal with tree-like models of computation. This allows us to widen the scope of abstract non-interference for modeling security properties in automata, timed automata as models of real-time systems, and concurrent systems. We show that well-known definitions of non-interference in these models of computation can be viewed as instances of our generalization. This proves that abstract non-interference can reasonably be considered as a general framework for studying and comparing security properties at different levels of abstraction in both programming languages and systems. Moreover, the most precise harmless attacker of a system is systematically derived by transforming abstract domains, characterizing the security degree of automata and concurrent systems.
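The two ideas in the abstract, an attacker who observes public outputs only through an abstraction, and the derivation of the most precise attacker against which a system is still secure, can be illustrated on the simplest model the framework covers, a deterministic program from a secret (high) and a public (low) input to one public output. The following is an added, self-contained Python illustration written for this page; it is not code from the paper and it works at the program level rather than on the automata and trace models the paper generalizes to. The programs `leaky` and `parity_safe`, the input ranges `HIGHS`/`LOWS`, and the observers `observe_identity`/`observe_parity` are constructed for the example; `most_precise_harmless_observer` is a simplified union-find construction of the coarsest output partition that must be merged, not the paper's abstract-domain transformer.

```python
# Constructed example: a program p(h, l) takes a secret input h and a public
# input l and yields one public output.  An attacker sees that output only
# through an observation abstraction rho (the "abstract" in abstract
# non-interference).

HIGHS = range(0, 8)   # secret inputs the attacker must learn nothing about
LOWS = range(0, 4)    # public inputs the attacker knows

def leaky(h, l):
    # once l is known, the exact output reveals h
    return h + l

def parity_safe(h, l):
    # the output's parity depends on l alone; its magnitude still depends on h
    return 2 * h + l

def observe_identity(v):
    # the classical attacker: sees the output exactly
    return v

def observe_parity(v):
    # a weaker attacker: sees only whether the output is even or odd
    return v % 2

def abstract_ni(program, highs, lows, rho):
    """rho-abstract non-interference: for each public input l the attacker's
    view rho(program(h, l)) must be the same for every secret input h."""
    for l in lows:
        views = {rho(program(h, l)) for h in highs}
        if len(views) > 1:
            return False
    return True

def most_precise_harmless_observer(program, highs, lows):
    """Derive the finest partition of the output values that an observer may
    distinguish without learning anything about h: outputs produced for the
    same l by different h must land in the same block.  Returns a set of
    frozensets (the blocks).  Simplified union-find illustration, not the
    paper's domain-transformer construction."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    for l in lows:
        outs = [program(h, l) for h in highs]
        for o in outs[1:]:
            union(outs[0], o)        # varying h must be indistinguishable

    blocks = {}
    for v in list(parent):
        blocks.setdefault(find(v), set()).add(v)
    return {frozenset(b) for b in blocks.values()}

def observer_from_partition(blocks):
    """Turn a partition of outputs into an observation function rho that maps
    each output to the block containing it."""
    lookup = {v: block for block in blocks for v in block}
    return lambda v: lookup[v]

if __name__ == "__main__":
    for prog in (leaky, parity_safe):
        print(prog.__name__,
              "identity:", abstract_ni(prog, HIGHS, LOWS, observe_identity),
              "parity:", abstract_ni(prog, HIGHS, LOWS, observe_parity))
        blocks = most_precise_harmless_observer(prog, HIGHS, LOWS)
        print("  most precise harmless observer has", len(blocks), "block(s)")
```

Against the exact (identity) observer neither program is secure, which is ordinary non-interference failing. Against the parity observer `parity_safe` is secure while `leaky` is not, which is the (rho)-abstract non-interference distinction. The derived observer for `leaky` collapses every output into one block (only a blind attacker is harmless), whereas for `parity_safe` it yields exactly the even/odd split, i.e. the parity observer is the most precise harmless attacker of that program.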