Abstract
We propose an approach to certify the information flow security of multi-threaded programs independently from the scheduling algorithm. A scheduler-independent verification is desirable because the scheduler is part of the runtime environment and, hence, usually not known when a program is analyzed. Unlike for other system properties, it is not straightforward to achieve scheduler independence when verifying information flow security, and the existing independence results are very restrictive. In this article, we show how some of these restrictions can be overcome. The key insight in our development of a novel scheduler-independent information flow property was the identification of a suitable class of schedulers that covers the most relevant schedulers. The contributions of this article include a novel security property, a scheduler independence result, and a provably sound program analysis.
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Mantel, H., Sudbrock, H. (2010). Flexible Scheduler-Independent Security. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds) Computer Security – ESORICS 2010. ESORICS 2010. Lecture Notes in Computer Science, vol 6345. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15497-3_8
DOI: https://doi.org/10.1007/978-3-642-15497-3_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15496-6
Online ISBN: 978-3-642-15497-3