
A Theorem Proving Approach to Analysis of Secure Information Flow

  • Conference paper
Security in Pervasive Computing (SPC 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3450)


Abstract

Most attempts at analysing secure information flow in programs are based on domain-specific logics. Though computationally feasible, these approaches suffer from the need for abstraction and the high cost of building dedicated tools for real programming languages. We recast the information flow problem in a general program logic rather than a problem-specific one. We investigate the feasibility of this approach by showing how a general purpose tool for software verification can be used to perform information flow analyses. We are able to prove security and insecurity of programs including advanced features such as method calls, loops, and object types for the target language Java Card. In addition, we can express declassification of information.

A preliminary short version of this paper appeared in WITS’03, Workshop on Issues in the Theory of Security, April 2003.
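The property the abstract is about, noninterference expressed over two runs of the same program (the formulation the paper discharges in a program logic), as an added example that is not the paper's own code or the KeY tool's. Here the two-run condition is checked by brute force over a small finite domain instead of being proved; the domains, the sample programs and the declassification predicate are constructed for illustration.

```python
from itertools import product

# Constructed finite domains for the low (public) and high (secret) inputs.
LOW = range(-2, 3)
HIGH = range(-2, 3)


def noninterferent(prog, declassify=None):
    """Bounded check of noninterference for prog(low, high) -> low_out.

    Two-run formulation: for every low input l and every pair of high
    inputs h1, h2, the two runs must agree on the public result.
    With a declassification predicate d, only pairs that agree on d(l, h)
    are compared, i.e. the program may reveal exactly d(l, h) and nothing more.
    Returns the list of counterexamples (l, h1, h2, out1, out2); an empty
    list means the property holds on these domains.
    """
    counterexamples = []
    for l, h1, h2 in product(LOW, HIGH, HIGH):
        if declassify is not None and declassify(l, h1) != declassify(l, h2):
            continue
        out1, out2 = prog(l, h1), prog(l, h2)
        if out1 != out2:
            counterexamples.append((l, h1, h2, out1, out2))
    return counterexamples


# Sample programs (constructed for this example); each returns the public output.

def secure_cancel(l, h):
    """Secure: h is read but cancels out. A syntactic type system would reject it."""
    return l + (h - h)


def secure_high_loop(l, h):
    """Secure: the loop bound depends on h, but the public result does not."""
    count = 0
    for _ in range(abs(h)):
        count += 1
    return l


def insecure_implicit(l, h):
    """Insecure: no direct assignment from h, yet the branch leaks its sign."""
    if h > 0:
        l = 1
    else:
        l = 0
    return l


def pin_check(l, h):
    """Releases one bit: whether the public guess l equals the secret h."""
    return 1 if l == h else 0


def guess_matches(l, h):
    """Declassification predicate: the one fact pin_check is allowed to reveal."""
    return l == h


def verdicts():
    """Run all checks; True means no counterexample was found."""
    return {
        "secure_cancel": not noninterferent(secure_cancel),
        "secure_high_loop": not noninterferent(secure_high_loop),
        "insecure_implicit": not noninterferent(insecure_implicit),
        "pin_check_plain": not noninterferent(pin_check),
        "pin_check_declassified": not noninterferent(pin_check, guess_matches),
    }


if __name__ == "__main__":
    for name, ok in verdicts().items():
        print(f"{name}: {'secure' if ok else 'INSECURE'}")
    print("first leak in insecure_implicit:", noninterferent(insecure_implicit)[0])
```

Two caveats. The exhaustive loop only decides the property on the chosen finite domains; the paper's point is that the same two-run formula can be handed to a theorem prover and proved for unbounded inputs, loops and method calls. And the declassification predicate has to be chosen with care: passing a predicate that returns the whole secret makes every pair of runs incomparable and the check trivially succeeds, so a declassification policy must be reviewed as part of the security argument, not just the program.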






Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Darvas, Á., Hähnle, R., Sands, D. (2005). A Theorem Proving Approach to Analysis of Secure Information Flow. In: Hutter, D., Ullmann, M. (eds) Security in Pervasive Computing. SPC 2005. Lecture Notes in Computer Science, vol 3450. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-32004-3_20


  • DOI: https://doi.org/10.1007/978-3-540-32004-3_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25521-5

  • Online ISBN: 978-3-540-32004-3

  • eBook Packages: Computer Science (R0)
