
A Conference Management System with Verified Document Confidentiality

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNTCS, volume 8559)

Abstract

We present a case study in verified security for realistic systems: the implementation of a conference management system, whose functional kernel is faithfully represented in the Isabelle theorem prover, where we specify and verify confidentiality properties. The various theoretical and practical challenges posed by this development led to a novel security model and verification method generally applicable to systems describable as input–output automata.

Keywords

  • Security Model
  • Program Committee
  • Safety Property
  • Epistemic Logic
  • Paper Authorship

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© 2014 Springer International Publishing Switzerland


Cite this paper

Kanav, S., Lammich, P., Popescu, A. (2014). A Conference Management System with Verified Document Confidentiality. In: Biere, A., Bloem, R. (eds) Computer Aided Verification. CAV 2014. Lecture Notes in Computer Science, vol 8559. Springer, Cham. https://doi.org/10.1007/978-3-319-08867-9_11


  • DOI: https://doi.org/10.1007/978-3-319-08867-9_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-08866-2

  • Online ISBN: 978-3-319-08867-9

  • eBook Packages: Computer Science (R0)