
Verifying a Secure Information Flow Analyzer

  • Conference paper
Theorem Proving in Higher Order Logics (TPHOLs 2005)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 3603))


Abstract

A denotational semantics for a substantial fragment of Java is formalized by deep embedding in PVS, making extensive use of dependent types. A static analyzer for secure information flow in this language is proved correct, that is, it is shown to enforce noninterference.




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Naumann, D.A. (2005). Verifying a Secure Information Flow Analyzer. In: Hurd, J., Melham, T. (eds) Theorem Proving in Higher Order Logics. TPHOLs 2005. Lecture Notes in Computer Science, vol 3603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11541868_14


  • DOI: https://doi.org/10.1007/11541868_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28372-0

  • Online ISBN: 978-3-540-31820-0

  • eBook Packages: Computer Science (R0)
