Generalized Abstract Non-interference: Abstract Secure Information-Flow Analysis for Automata
Abstract non-interference has been introduced as a weakening of non-interference which models attackers as abstract interpretations (i.e., static analyzers) of programming language semantics. In this paper we generalize the notion of abstract non-interference to deal with tree-like models of computation. This allows us to widen the scope of abstract non-interference for modeling security properties in automata, timed automata as models of real-time systems, and concurrent systems. We show that well-known definitions of non-interference in these models of computation can be viewed as instances of our generalization. This proves that abstract non-interference can reasonably be considered as a general framework for studying and comparing security properties at different levels of abstraction in both programming languages and systems. Moreover, the most precise harmless attacker of a system is systematically derived by transforming abstract domains, characterizing the security degree of automata and concurrent systems.
Keywords: Security Policy, Security Property, Private Action, Abstract Interpretation, Public Output
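The abstract rests on two ideas: an attacker is an abstraction of what a program's semantics makes observable, and the "most precise harmless attacker" is the finest such abstraction under which the program still leaks nothing. The following added example (not code from the paper or its authors) illustrates both at the program level, before the paper's generalization to automata. It assumes the standard program-level formulation of abstract non-interference from the authors' earlier work: a program is secure w.r.t. an abstraction eta of public inputs and rho of public outputs if, for any two public inputs that eta cannot distinguish and any two private inputs, rho cannot distinguish the two public outputs. Domains, programs, and the brute-force construction of the harmless attacker (merging every output reachable from eta-indistinguishable public inputs into one block) are constructed here for illustration.

```python
# Added example: brute-force abstract non-interference (ANI) over tiny finite domains.
# Illustrates the notion described in the abstract; not code from the paper.
from itertools import product

H = range(8)  # private (high) input domain, constructed for the example
L = range(8)  # public (low) input domain, constructed for the example


def identity(x):
    """The most powerful attacker: observes the exact value."""
    return x


def parity(x):
    """A weaker attacker: observes only whether a value is even or odd."""
    return x % 2


def copy_secret(h, l):
    """l := h -- leaks the secret to every observer, even a parity one."""
    return h


def add_even_multiple(h, l):
    """l := l + 2*h -- leaks to an exact observer, but not to a parity observer."""
    return l + 2 * h


def non_interferent(program, eta=identity, rho=identity):
    """ANI check: public inputs that eta cannot distinguish must yield
    public outputs that rho cannot distinguish, whatever the private inputs."""
    for l1, l2 in product(L, L):
        if eta(l1) != eta(l2):
            continue
        for h1, h2 in product(H, H):
            if rho(program(h1, l1)) != rho(program(h2, l2)):
                return False
    return True


def harmless_attacker(program, eta=identity):
    """Most precise harmless attacker (illustrative construction, an assumption here):
    the finest partition of public outputs under which `program` satisfies ANI.
    Every output reachable from eta-indistinguishable public inputs is merged into
    the same block; an attacker observing only the block learns nothing about h."""
    outputs = {program(h, l) for h in H for l in L}
    parent = {o: o for o in outputs}  # union-find over output values

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    for l1, l2 in product(L, L):
        if eta(l1) != eta(l2):
            continue
        for h1, h2 in product(H, H):
            union(program(h1, l1), program(h2, l2))

    blocks = {}
    for o in outputs:
        blocks.setdefault(find(o), set()).add(o)
    return sorted(sorted(b) for b in blocks.values())


if __name__ == "__main__":
    for prog in (copy_secret, add_even_multiple):
        print(prog.__name__,
              "exact:", non_interferent(prog),
              "parity:", non_interferent(prog, rho=parity),
              "harmless attacker:", harmless_attacker(prog))
```

For `copy_secret` the only harmless attacker is the one that sees a single block, i.e. observes nothing; for `add_even_multiple` the construction returns exactly the parity partition, recovering the weakest observer the abstract talks about without guessing it in advance.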