On the Decidability of Model-Checking Information Flow Properties

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5352)


Current standard security practices do not provide substantial assurance about information flow security: the end-to-end behavior of a computing system. Noninterference is the basic semantical condition used to account for information flow security. In the literature, there are many definitions of noninterference: Non-inference, Separability and so on. Mantel presented a framework of Basic Security Predicates (BSPs) for characterizing the definitions of noninterference in the literature. Model-checking these BSPs for finite state systems was shown to be decidable in [8]. In this paper, we show that verifying these BSPs for the more expressive system model of pushdown systems is undecidable. We also give an example of a simple security property which is undecidable even for finite-state systems: the property is a weak form of non-inference called WNI, which is not expressible in Mantel’s BSP framework.


Turing Machine Security Property Boolean Program Emptiness Problem Computer Security Foundation Workshop 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Alur, R., Etessami, K., Yannakakis, M.: Analysis of recursive state machines. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 207–220. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Ball, T., Rajamani, S.K.: Bebop: A symbolic model checker for boolean programs. In: Havelund, K., Penix, J., Visser, W. (eds.) SPIN 2000. LNCS, vol. 1885, pp. 113–130. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. 3.
    Boudol, G., Castellani, I.: Noninterference for concurrent programs and thread systems. Theoretical Computer Science 1-2(281), 109–130 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Dam, M.: Decidability and proof systems for language-based noninterference relations. In: Proceedings POPL 2006, Charleston, South Carolina (2006)Google Scholar
  5. 5.
    Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    D’Souza, D., Holla, R., Kulkarni, J., Raghavendra, K.R., Sprick, B.: On the decidablity of model-checking information flow properties. Technical Report IISc-CSA-TR-2008-2 (2008)Google Scholar
  7. 7.
    D’Souza, D., Raghavendra, K.R.: Checking unwinding conditions for finite state systems. In: Proceedings of the VERIFY 2006 workshop, pp. 85–94 (2006)Google Scholar
  8. 8.
    D’Souza, D., Raghavendra, K.R., Sprick, B.: An automata based approach for verifying information flow properties. In: Proceedings of the second workshop on Automated Reasoning for Security Protocol Analysis (ARSPA 2005). ENTCS, vol. 135, pp. 39–58 (2005)Google Scholar
  9. 9.
    Focardi, R., Gorrieri, R.: A classification of security properties for process algebras. Journal of Computer Security 1, 5–33 (1995)CrossRefGoogle Scholar
  10. 10.
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: Proc. IEEE Symp. on Security and Privacy, April 1982, pp. 11–20 (1982)Google Scholar
  11. 11.
    Goguen, J.A., Meseguer, J.: Unwinding and inference control. In: Proc. IEEE Symp. on Security and Privacy, pp. 75–86 (April 1984)Google Scholar
  12. 12.
    Kozen, D.C.: Automata and Computability. Springer, Heidelberg (1997)CrossRefzbMATHGoogle Scholar
  13. 13.
    Mantel, H.: Possibilistic Definitions of Security – An Assembly Kit. In: Proceedings of the 13th IEEE Computer Security Foundations Workshop, Cambridge, UK, July 3–5, 2000, pp. 185–199. IEEE Computer Society, Los Alamitos (2000)CrossRefGoogle Scholar
  14. 14.
    Mantel, H.: Unwinding Possibilistic Security Properties. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 238–254. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  15. 15.
    Mantel, H.: A Uniform Framework for the Formal Specification and Verification of Information Flow Security. PhD thesis, Universität des Saarlandes (2003)Google Scholar
  16. 16.
    McCullough, D.: Specifications for multilevel security and a hookup property. In: Proc. 1987 IEEE Symp. Security and Privacy (1987)Google Scholar
  17. 17.
    McLean, J.: A general theory of composition for trace sets closed under selective interleaving functions. In: Proc. IEEE Symposium on Research in Security and Privacy, pp. 79–93. IEEE Computer Society Press, Los Alamitos (1994)Google Scholar
  18. 18.
    O’Halloran, C.: A calculus of information flow. In: Proceedings of the European Symposium on Research in Computer Security, ESORICS 1990 (1990)Google Scholar
  19. 19.
    Quine, W.V.: Concatenation as a basis for finite arithmetic. J. Symbolic Logic 11(4) (1946)Google Scholar
  20. 20.
    Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1) (2003)Google Scholar
  21. 21.
    Sabelfeld, A., Sands, D.: A per model of secure information flow in sequential programs. Higher-Order and Symbolic Computation 1(14), 59–91 (2001)CrossRefzbMATHGoogle Scholar
  22. 22.
    Sutherland, D.: A model of information. In: Proceedings of the 9th National Computer Security Conference (1986)Google Scholar
  23. 23.
    van der Meyden, R., Zhang, C.: Algorithmic verification of noninterference properties. Electron. Notes Theor. Comput. Sci. 168, 61–75 (2007)CrossRefGoogle Scholar
  24. 24.
    Zakinthinos, A., Lee, E.S.: A general theory of security properties. In: SP 1997: Proceedings of the 1997 IEEE Symposium on Security and Privacy, Washington, DC, USA, p. 94. IEEE Computer Society Press, Los Alamitos (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  1. 1.Department of Computer Sc. & AutomationIndian Institute of ScienceIndia
  2. 2.Department of Computer Science, Modeling and Analysis of Information SystemsTU DarmstadtGermany

Personalised recommendations