Abstract
Noninterference is a high-level security property that guarantees the absence of illicit information flow at runtime. Noninterference can be enforced statically using information flow type systems; however, these are criticized for being overly conservative and rejecting secure programs. More precision can be achieved by using program logics, but such an approach lacks its own verification tools. In this work we propose a novel, alternative approach: utilizing symbolic execution in combination with ideas from program logics in an attempt to increase the precision of analyses and automate noninterference testing. Dealing with policies incorporating declassification is also explored. The feasibility of the proposal is illustrated using a prototype tool based on the KLEE symbolic execution engine.
Keywords
- Noninterference
- declassification
- symbolic execution
- testing
This research is partly funded by the EU project FP7-231620 HATS: Highly Adaptable and Trustworthy Software using Formal Models ( http://www.hats-project.eu ).
Download conference paper PDF
References
Backes, M., Kopf, B., Rybalchenko, A.: Automatic discovery and quantification of information leaks. In: Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, pp. 141–153. IEEE Computer Society, Washington, DC (2009)
Banerjee, A., Naumann, D.A.: Stack-based access control and secure information flow. Journal of Functional Programming 15, 131–177 (2005)
Banerjee, A., Naumann, D.A., Rosenberg, S.: Towards a logical account of declassification. In: Proceedings of the 2007 Workshop on Programming Languages and Analysis for Security, PLAS 2007, pp. 61–66. ACM, New York (2007)
Barthe, G., D’Argenio, P.R., Rezk, T.: Secure information flow by self-composition. In: Proceedings of the 17th IEEE workshop on Computer Security Foundations, pp. 100–114. IEEE Computer Society, Washington, DC (2004)
Barthe, G., Rezk, T.: Non-interference for a JVM-like language. In: TLDI 2005, pp. 103–112. ACM, New York (2005)
Cadar, C., Dunbar, D., Engler, D.: KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: OSDI 2008, pp. 209–224. USENIX Association, Berkeley, CA (2008)
Cohen, E.S.: Information transmission in sequential programs. In: DeMillo, R.A., Dobkin, D.P., Jones, A.K., Lipton, R.J. (eds.) Foundations of Secure Computation, pp. 297–335. Academic Press (1978)
Darvas, Á., Hähnle, R., Sands, D.: A theorem proving approach to analysis of secure information flow. Technical Report S-412 96, Chalmers University of Technology and Göteborg University (2004)
Focardi, R., Gorrieri, R.: A taxonomy of security properties for process algebras. Journal of Computer Security 3(1), 5–34 (1995)
Giacobazzi, R., Mastroeni, I.: Abstract non-interference: Parameterizing non-interference by abstract interpretation. In: Proc. of the 31st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2004), pp. 186–197. ACM Press, NY (2004)
Godefroid, P., Klarlund, N., Sen, K.: Dart: directed automated random testing. In: Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2005, pp. 213–223. ACM, New York (2005)
Joshi, R., Leino, K.R.M.: A semantic approach to secure information flow. Science of Computer Programming 37, 113–138 (2000)
King, J.C.: Symbolic execution and program testing. Communications of the ACM 19, 385–394 (1976)
Myers, A.C., Sabelfeld, A., Zdancewic, S.: Enforcing robust declassification and qualified robustness. Journal of Computer Security 14(2), 157–196 (2006)
Pottier, F., Simonet, V.: Information flow inference for ML. SIGPLAN Not. 37, 319–330 (2002)
Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1), 5–19 (2003)
Sabelfeld, A., Myers, A.C.: A Model for Delimited Information Release. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds.) ISSS 2003. LNCS, vol. 3233, pp. 174–191. Springer, Heidelberg (2004)
Sabelfeld, A., Sands, D.: Dimensions and principles of declassification. In: Proceedings of the 18th IEEE Workshop on Computer Security Foundations, pp. 255–269. IEEE Computer Society, Washington, DC (2005)
Sen, K., Marinov, D., Agha, G.: CUTE: a concolic unit testing engine for C. SIGSOFT Software Engineering Notes 30, 263–272 (2005)
Terauchi, T., Aiken, A.: Secure Information Flow as a Safety Problem. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, pp. 352–367. Springer, Heidelberg (2005)
Volpano, D.M., Smith, G.: A Type-Based Approach to Program Security. In: Bidoit, M., Dauchet, M. (eds.) CAAP/FASE/TAPSOFT 1997. LNCS, vol. 1214, pp. 607–621. Springer, Heidelberg (1997)
Zdancewic, S., Myers, A.C.: Observational determinism for concurrent program security. In: Proceedings 16th IEEE Computer Security Foundations Workshop, pp. 29–43 (July 2003)
Zdancewic, S., Myers, A.C.: Robust declassification. In: Proceedings of the 14th IEEE Workshop on Computer Security Foundations, CSFW 2001, pp. 15–23. IEEE Computer Society, Washington, DC (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Milushev, D., Beck, W., Clarke, D. (2012). Noninterference via Symbolic Execution. In: Giese, H., Rosu, G. (eds) Formal Techniques for Distributed Systems. FMOODS FORTE 2012 2012. Lecture Notes in Computer Science, vol 7273. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30793-5_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-30793-5_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30792-8
Online ISBN: 978-3-642-30793-5
eBook Packages: Computer ScienceComputer Science (R0)
