A Model-Based Approach to Secure Multiparty Distributed Systems

  • Najah Ben Said
  • Takoua Abdellatif
  • Saddek Bensalem
  • Marius Bozga
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9952)


In distributed systems with fully distributed interactions between mutually distrusting parties, it is hard to control the (illicit) flow of private information to unintended parties. Unlike existing methods that verify low-level cryptographic protocols, we propose a novel model-based approach, built on model transformations, for constructing secure-by-construction multiparty distributed systems. First, starting from a component-based model of the system, the designer annotates its different parts to define the security policy. Then the policy is checked and, when it is valid, a secure distributed model consistent with the desired security policy is generated automatically. To illustrate the approach, we present a framework that implements our method and use it to secure an online social network application.


Keywords (added by machine, not by the authors): Information Flow, Security Policy, Security Level, Security Condition, Covert Channel



Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Najah Ben Said (1, 2)
  • Takoua Abdellatif (3)
  • Saddek Bensalem (1, 2)
  • Marius Bozga (1, 2)
  1. Univ. Grenoble Alpes, VERIMAG, Grenoble, France
  2. CNRS, VERIMAG, Grenoble, France
  3. Tunisia Polytechnic School, University of Carthage, Tunis, Tunisia
