Non-interference on UML State-Charts

  • Martín Ochoa
  • Jan Jürjens
  • Jorge Cuéllar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7304)


Non-interference is a semantically well-defined property that allows one to reason about the security of systems with respect to information flow policies for groups of users. Many of the security problems of implementations could be already spotted at design time if information flow would be a concern in early phases of software development. In this paper we propose a methodology for automatically verifying the interaction of objects whose behaviour is described by deterministic UML State-charts with respect to information flow policies, based on the so-called unwinding theorem. We have extended this theorem to cope with the particularities of state-charts: the use of variables, guards, actions and hierarchical states and derived results about its compositionality. In order to validate our approach, we report on an implementation of our enhanced unwinding techniques and applications to scenarios from the Smart Metering domain.


Smart Grid International Electrotechnical Commission Local Consistency Renewable Portfolio Standard Hierarchical State 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Jif: Java + Information Flow,
  2. 2.
    STAN: Information flow analysis for small embedded systems,
  3. 3.
    The Haskell Programming Language,
  4. 4.
    The European Parliament and Council. Measuring instruments directive (2004/22/ec). Official Journal of the EU (2004)Google Scholar
  5. 5.
    Alghathbar, K., Farkas, C., Wijesekera, D.: Securing UML information flow using flowUML. Journal of Research and Practice in Information Technology, pp. 229–238. INSTICC Press (2006)Google Scholar
  6. 6.
    Anderson, R.J.: Security engineering - a guide to building dependable distributed systems, 2nd edn. Wiley (2008)Google Scholar
  7. 7.
    Barthe, G., Pichardie, D., Rezk, T.: A Certified Lightweight Non-interference Java Bytecode Verifier. In: De Nicola, R. (ed.) ESOP 2007. LNCS, vol. 4421, pp. 125–140. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. 8.
    Broy, M.: A logical basis for component-oriented software and systems engineering. Comput. J. 53, 1758–1782 (2010)CrossRefGoogle Scholar
  9. 9.
    Das, D., Kreikebaum, F., Divan, D., Lambert, F.: Reducing transmission investment to meet renewable portfolio standards using smart wires. In: 2010 IEEE PES Transmission and Distribution Conference and Exposition: Smart Solutions for a Changing World (2010)Google Scholar
  10. 10.
    Ghindici, D., Grimaud, G., Simplot-Ryl, I.: Embedding verifiable information flow analysis. In: Proc. Annual Conference on Privacy, Security and Trust, Toronto, Canada, pp. 343–352 (November 2006)Google Scholar
  11. 11.
    Giffhorn, D., Hammer, C.: Precise Analysis of Java Programs using JOANA (Tool Demonstration). In: 8th IEEE International Working Conference on Source Code Analysis and Manipulation, pp. 267–268 (September 2008)Google Scholar
  12. 12.
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Symposium on Security and Privacy, pp. 11–20 (1982)Google Scholar
  13. 13.
    Goguen, J.A., Meseguer, J.: Unwinding and inference control. In: IEEE Symposium on Security and Privacy (1984)Google Scholar
  14. 14.
    Hammer, C.: Information flow control for Java based on path conditions in dependence graphs. In: IEEE International Symposium on Secure Software Engineering (2006)Google Scholar
  15. 15.
    Harel, D.: Statecharts: A visual formalism for complex systems (1987)Google Scholar
  16. 16.
    International Electrotechnical Commission (IEC). IEC 62351 Parts 1-8, Information Security for Power System Control OperationsGoogle Scholar
  17. 17.
    Jürjens, J.: Secure Systems Development with UML. Springer (2005)Google Scholar
  18. 18.
    Mantel, H.: On the composition of secure systems. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 88–101 (2002)Google Scholar
  19. 19.
    Mantel, H.: A Uniform Framework for the Formal Specification and Verification of Information Flow Security. PhD thesis, Universität des Saarlandes, Saarbrücken, Germany (2003)Google Scholar
  20. 20.
    Mealy, G.H.: A method for synthesizing sequential circuits. Bell System Technical Journal 34(5), 1045–1079 (1955)MathSciNetGoogle Scholar
  21. 21.
    Milner, R.: A Calculus of Communicating Systems. Springer-Verlag New York, Inc., Secaucus (1982)Google Scholar
  22. 22.
    National Energy Technology Laboratory. A vision for the smart grid. Report (June 2009),
  23. 23.
    Network of Excellence on Engineering Secure Future Internet Software Services and Systems (Nessos). Deliverable 11.2 (2011)Google Scholar
  24. 24.
    von Oheimb, D.: Information Flow Control Revisited: Noninfluence = Noninterference + Nonleakage. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 225–243. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  25. 25.
    Potter, C.W., Archambault, A., Westrick, K.: Building a smarter smart grid through better renewable energy information. In: 2009 IEEE/PES Power Systems Conference and Exposition, PSCE 2009 (2009)Google Scholar
  26. 26.
    Rushby, J.: Noninterference, transitivity and channel-control security policies. Technical report (1992)Google Scholar
  27. 27.
    Schneiderman, R.: Smart grid represents a potentially huge market for the electronics industry. IEEE Signal Processing Magazine 27(5), 8–15 (2010)MathSciNetCrossRefGoogle Scholar
  28. 28.
    Tenzer, J., Stevens, P.: On modelling recursive calls and callbacks with two variants of unified modelling language state diagrams. Form. Asp. Comput. 18, 397–420 (2006)zbMATHCrossRefGoogle Scholar
  29. 29.
    Volpano, D., Irvine, C., Smith, G.: A sound type system for secure flow analysis. J. Comput. Secur. 4, 167–187 (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Martín Ochoa
    • 1
    • 2
  • Jan Jürjens
    • 1
  • Jorge Cuéllar
    • 2
  1. 1.Siemens AGGermany
  2. 2.TU DortmundGermany

Personalised recommendations