Ensuring Secure Non-interference of Programs by Game Semantics

  • Aleksandar S. Dimovski
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8743)

Abstract

Non-interference is a security property stating that no improper information leakage, through either direct or indirect flows, occurs when a program is executed. In this paper we investigate a game semantics based formulation of non-interference that allows one to perform a security analysis of both closed and open procedural programs. We show that this formulation is amenable to automated verification techniques. The practicality of the method is illustrated by several examples, which also emphasize its advantage over known operational methods for reasoning about open programs.
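As an added illustration of the property the abstract defines (this is not code from the paper and does not use its game-semantic model), the following Python script checks non-interference by brute force over small, constructed finite domains of secret (high) and public (low) inputs: a program is non-interfering when two runs that agree on the low input always agree on the low output, whatever the high inputs are. It also shows a direct flow, an indirect flow through a branch on the secret, and a program that branches on the secret yet is semantically non-interfering, which is the kind of case a purely syntactic type system would reject but a semantic analysis accepts.

```python
"""Brute-force non-interference checker for tiny two-variable programs.

Each "program" is a Python function of (high, low) returning the value of
the public variable l after execution.  HIGH_VALUES and LOW_VALUES are
constructed finite domains, small enough to enumerate exhaustively.
"""
from itertools import product

HIGH_VALUES = range(0, 4)   # constructed domain of secret inputs h
LOW_VALUES = range(0, 4)    # constructed domain of public inputs l


def direct_flow(high, low):
    # l := h            -- explicit (direct) flow of the secret into l
    return high


def indirect_flow(high, low):
    # if h > 1 then l := 1 else l := 0   -- implicit (indirect) flow:
    # the value of l reveals which branch ran, hence a fact about h
    return 1 if high > 1 else 0


def secure_program(high, low):
    # l := l + 1; if h > 0 then skip     -- h never influences l
    return low + 1


def branch_on_secret_but_safe(high, low):
    # if h > 1 then l := 2 * l else l := l + l
    # Both branches compute the same l, so no information about h is
    # observable: non-interfering semantically, though a syntactic
    # type system would flag the branch on h.
    return 2 * low if high > 1 else low + low


def non_interfering(program):
    """True iff for every low input, all high inputs give the same output."""
    for low in LOW_VALUES:
        outputs = {program(high, low) for high in HIGH_VALUES}
        if len(outputs) > 1:
            return False
    return True


def leaking_witness(program):
    """Return the first (h1, h2, l) with program(h1, l) != program(h2, l),
    i.e. a pair of low-equivalent runs that are distinguishable, or None."""
    for low in LOW_VALUES:
        for h1, h2 in product(HIGH_VALUES, repeat=2):
            if program(h1, low) != program(h2, low):
                return (h1, h2, low)
    return None


def check_all():
    """Map each example program name to (is_non_interfering, witness)."""
    programs = [direct_flow, indirect_flow, secure_program,
                branch_on_secret_but_safe]
    return {p.__name__: (non_interfering(p), leaking_witness(p))
            for p in programs}


if __name__ == "__main__":
    for name, (ok, witness) in check_all().items():
        verdict = "non-interfering" if ok else f"LEAKS, witness {witness}"
        print(f"{name:28s} {verdict}")
```

The witness returned for a leaking program is a pair of runs with identical public input but different public output; that is exactly the shape of counterexample an automated verifier for this property produces, and the same test is what one would rerun after a fix to confirm the leak is gone.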



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Aleksandar S. Dimovski, IT University of Copenhagen, Copenhagen S, Denmark
