Hoare Logic for Disjunctive Information Flow

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9465)


Information flow control extends access control by not only regulating who is allowed to access what data but also the subsequent use of the data accessed. Applications within communication networks require such information flow control to depend on the actual data. For a concurrent language with synchronous communication and separate data domains we develop a Hoare logic for enforcing disjunctive information flow policies. We establish the soundness of the Hoare logic with respect to an operational semantics and illustrate the development on a running example.



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Hanne Riis Nielson (1)
  • Flemming Nielson (1)
  • Ximeng Li (1)

  1. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark
