A Theorem Proving Approach to Analysis of Secure Information Flow

  • Ádám Darvas
  • Reiner Hähnle
  • David Sands
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3450)


Most attempts at analysing secure information flow in programs are based on domain-specific logics. Though computationally feasible, these approaches suffer from the need for abstraction and the high cost of building dedicated tools for real programming languages. We recast the information flow problem in a general program logic rather than a problem-specific one. We investigate the feasibility of this approach by showing how a general purpose tool for software verification can be used to perform information flow analyses. We are able to prove security and insecurity of programs including advanced features such as method calls, loops, and object types for the target language Java Card. In addition, we can express declassification of information.
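As an added illustration that is not part of the paper, the following Python script states the property such a proof establishes: noninterference, i.e. the public (low) output of a program must not depend on its secret (high) input, and its declassified variant, where runs are only compared when they agree on the deliberately released value. The check is exhaustive over a small constructed domain instead of a theorem-prover proof, and the sample programs and function names are the example's own.

```python
"""Bounded check of (declassified) noninterference by comparing two runs."""
from itertools import product
from typing import Callable, Optional, Tuple

# A program is modelled as a function from (low, high) inputs to (low, high) outputs.
Program = Callable[[int, int], Tuple[int, int]]

DOMAIN = range(8)  # constructed finite value domain for exhaustive checking


def secure_copy(low: int, high: int) -> Tuple[int, int]:
    # public result depends only on public input: secure
    return low + 1, high + low


def leak_by_branch(low: int, high: int) -> Tuple[int, int]:
    # implicit flow: a branch on the secret decides the public result
    return (1 if high > 3 else 0), high


def leak_by_loop(low: int, high: int) -> Tuple[int, int]:
    # the iteration count of the loop reveals the secret
    count, h = 0, high
    while h > 0:
        count, h = count + 1, h - 1
    return count, high


def declassify_parity(low: int, high: int) -> Tuple[int, int]:
    # intentionally releases the parity of the secret and nothing more
    return high % 2, high


def noninterference(p: Program,
                    declassify: Callable[[int], object] = lambda h: None
                    ) -> Optional[Tuple[int, int, int, int, int]]:
    """Return None if p is secure, else a counterexample (low, h1, h2, out1, out2).

    Secure means: for every public input l and every pair of secrets h1, h2
    that agree on the declassified value, the two runs p(l, h1) and p(l, h2)
    produce the same public output.  With the default declassify (nothing
    released) this is plain noninterference."""
    for l, h1, h2 in product(DOMAIN, DOMAIN, DOMAIN):
        if declassify(h1) != declassify(h2):
            continue  # allowed to differ: the released value distinguishes them
        out1, _ = p(l, h1)
        out2, _ = p(l, h2)
        if out1 != out2:
            return (l, h1, h2, out1, out2)
    return None
```

A loop whose trip count depends on the secret is rejected just like the explicit branch, and `declassify_parity` is insecure under plain noninterference but accepted once `declassify=lambda h: h % 2` is passed.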







Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Ádám Darvas (1)
  • Reiner Hähnle (2)
  • David Sands (2)

  1. Swiss Federal Institute of Technology (ETH), Zurich
  2. Chalmers University of Technology, Sweden
