Skip to main content
SpringerLink
Log in

Instruction-level security typing by abstract interpretation

  • Special Issue Paper
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

We present a method based on abstract interpretation to check secure information flow in programs with dynamic structures where input and output channels are associated with security levels. In the concrete operational semantics each value is annotated by a security level dynamically taking into account both the explicit and the implicit information flows. We define a collecting semantics which associates with each program point the set of concrete states of the machine when the point is reached. The abstract domains are obtained from the concrete ones by keeping the security levels and forgetting the actual values. Using this framework, we define an abstract semantics, called instruction-level security typing, that allows us to certify a larger set of programs with respect to the typing approaches to check secure information flow. An efficient implementation is shown, operating a fixpoint iteration similar to that of the Java bytecode verification.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Abadi, M., Banerjee, A., Heintze, N., Riecke, J.G.: A core calculus of dependency. In: 26th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages Proceedings, January 20–22, 1999, San Antonio, pp. 147–160. ACM, New York (1999)

  2. Amtoft, T., Banerjee, A.: Information flow analysis in logical form. In: Giacobazzi, R. (ed.) SAS 2004 (11th Static Analysis Symposium), Verona, Italy, August 2004, Vol. 3148 of Lecture Notes in Computer Science, pp. 100–115. Springer, Berlin (2004)

  3. Avvenuti M., Bernardeschi C. and De Francesco N. (2003). Java bytecode verification for secure information flow. ACM SIGPLAN Notices 38(12): 20–27

    Article  Google Scholar 

  4. Banerjee, A., Naumann, D.: Secure information flow and pointer confinement in a Java-like language. In: 15th IEEE Security Foundations Workshop (CSFW’02) Proceedings. IEEE, 2002

  5. Barbuti R., Bernardeschi C. and De Francesco N. (2002). Abstract interpretation of operational semantics for secure information flow. Inform. Process. Lett. 83(2): 101–108

    Article  MATH  MathSciNet  Google Scholar 

  6. Barbuti, R., Bernardeschi, C., De Francesco N.: Checking security of Java bytecode by abstract interpretation. In: SAC ’02: Proceedings of the 2002 ACM symposium on Applied computing, March 10–14, 2002, Madrid, Spain, pp. 229–236. ACM New York (2002)

  7. Barbuti R., Bernardeschi C. and De Francesco N. (2004). Analyzing information flow properties in assembly code by abstract interpretation. Comput. J. 47(1): 25–45

    Article  MATH  Google Scholar 

  8. Barthe, G., Rezk, T.: Non-interference for a JVM-like language. In: TLDI ’05: Proceedings of the 2005 ACM SIGPLAN international workshop on types in languages design and implementation, pp. 103–112, New York, NY, USA, 2005. ACM, New York

  9. Bernardeschi, C., De Francesco, N.: Combining abstract interpretation and model checking for analysing security properties of Java bytecode. In: Cortesi, A. (ed.) Third International Workshop on Verification, Model Checking and Abstract Interpretation Proceedings, VMCAI 2002, Venice, January 21–22, 2002, Proceedings, Vol. 2294 of Lecture Notes in Computer Science, pp. 1–15. Springer, Berlin (2002)

  10. Bernardeschi C., De Francesco N. and Lettieri G. (2002). An abstract semantics tool for secure information flow of stack-based assembly programs. Microprocess. Microsyst. 26(8): 391–398

    Article  Google Scholar 

  11. Bieber, P., Cazin, J., Girard, P., Lanet, J.-L., Wiels, V., Zanon, G.: Checking secure interactions of smart card applets. In: ESORICS 2000 Proceedings (2000)

  12. Chen, Z.: Java Card Technology for Smart Cards: Architecture and Programmer’S Guide. Addison-Wesley Longman Publishing, (2000)

  13. Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: 4th annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages Proceedings, pp. 238–252, Los Angeles, (1977)

  14. Cousot P. and Cousot R. (1992). Abstract interpretation frameworks. J. Logic Comput. 2: 511–547

    Article  MATH  MathSciNet  Google Scholar 

  15. Cousot, P., Cousot, R.: Inductive definitions, semantics and abstract interpretations. In: ACM (ed) Conference Record of the Nineteenth Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’92), Albuquerque, New Mexico, January 1992, pp. 83–94. ACM, New York (1992)

  16. De Francesco, N., Martini, L.: Abstract interpretation to check secure information flow in programs with input–output security annotations. In: Dimitrakos, T., Martinelli, F., Ryan, P. Y., Schneider, S., (eds) Formal Aspects in Security and Trust: Third International Workshop, FAST 2005, Newcastle upon Tyne, UK, July 18–19, 2005, Revised Selected Papers, Lecture Notes in Computer Science, pp. 63–80. Springer, Berlin (2006)

  17. De Francesco N., Santone A. and Tesei L. (2003). Abstract interpretation and model checking for checking secure information flow in concurrent systems. Fundam. Inf. 54(2–3): 195–211

    MATH  MathSciNet  Google Scholar 

  18. Denning D.E. (1976). A lattice model of secure information flow. Commun. ACM 19(5): 236–243

    Article  MATH  MathSciNet  Google Scholar 

  19. Denning D.E. and Denning P.J. (1977). Certification of programs for secure information flow. Commun ACM 20(7): 504–513

    Article  MATH  Google Scholar 

  20. Donnely C. and Stallman R. (1995). Bison, the YACC-compatible parser generator. Free Software Foundation, November

    Google Scholar 

  21. Giacobazzi, R., Mastroeni, I.: Abstract non-interference: parameterizing non-interference by abstract interpretation. In: Jones, N. D., Leroy, X. (eds.) Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, (POPL ’04), Venice, Italy, January 14–16, 2004, pp. 186–197, ACM, New York (2004)

  22. Heintze, N., Riecke, J. G.: The SLam calculus: programming with secrecy and integrity. In: Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, January 19–21, 1998, San Diego, CA, USA, pp. 365–377. ACM, New York (1998)

  23. Hunt, S., Sands, D.: On flow-sensitive security types. In: Morrisett, J. G., Jones, S. L. P. (eds.) Proceedings of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2006, Charleston, South Carolina, USA, January 11–13, 2006, pp. 79–90. ACM, New York (2006)

  24. Jacobs, B., Pieters, W., Warnier, M.: Statically checking confidentiality via dynamic labels. In: Workshop on Issues in the Theory of Security proceedings, Long Beach, CA, United States, January 20, 2005. ACM, New York (2005)

  25. Jones N.D., Nielson F. (1995) Abstract interpretation: a semantic based tool for program analysis. In: Abramsky, S., Gabbay, D.M.,Maibaum, T.S.E. (eds.) Handbook of Logic in Computer Science, Vol.4, 527–636. Oxford University Press, Oxford (1995)

  26. Joshi R. and Leino K.M. (2000). A semantic approach to secure information flow. Sci. Comput. Programm. 37(1–3): 113–138

    Article  MATH  MathSciNet  Google Scholar 

  27. Kildall, G.A.: A unified approach to global program optimization. In: Proceedings of the 1st Annual ACM Symposium on Principles of Programming Languages, Boston, Massachusetts, October 1973, pp. 194–206 (1973)

  28. Kobayashi, N., Shirane, K.: Type-based information flow analysis for low-level languages. In: Informal Proceedings of the 3rd Asian Workshop on Programming Languages and Systems (APLAS’02) (2002)

  29. Lampson B.W. (1973). A note on the confinement problem. Commun. ACM 16(10): 613–615

    Article  Google Scholar 

  30. Leroy X. (2003). Java bytecode verification: algorithms and formalizations. J. Automat. Reason. 30(3–4): 235–269

    Article  MATH  MathSciNet  Google Scholar 

  31. Lindholm, T., Yellin, F.: Java Virtual Machine Specification, 2nd edn. Addison-Wesley Longman Publishing (1999)

  32. Mizuno M. and Schmidt D.A. (1992). A security flow control algorithm and its denotational semantics correctness proof. Formal Aspects Comput. 4: 727–754

    Article  MATH  Google Scholar 

  33. Myers, A.C.: Jflow: practical mostly-static information flow control. In: 26th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages Proceedings, January 20–22, 1999, San Antonio, TX, pp. 228–241. ACM, New York (1999)

  34. Myers, A.C., Liskov, B.: A decentralized model for information flow control. In: SOSP ’97: Proceedings of the sixteenth ACM symposium on Operating systems principles, pp. 129–142. ACM, New York (1997)

  35. A guide to understanding Discretionary Access Control in trusted systems. Technical Report NCSC-TG-003 Version 1, National Computer Security Center, 1987

  36. Paxson, V.: Flex, a fast scanner generator, version 2.5, March 1995

  37. Pottier, F., Conchon, S.: Information flow inference for free. In: Proceedings of the Fifth ACM SIGPLAN International Conference on Functional Programming (ICFP ’00), Montreal, Canada, September 18–21, 2000, SIGPLAN Notices 35(9), pp. 46–57 (2000)

  38. Pottier, F., Simonet, V.: Information flow inference for ML. In 29th ACM Symposium on Principles of Programming Languages Proceedings, Portland, January 16–18, 2002, pp. 319–330 (2002)

  39. Sabelfeld A. and Myers A.C. (2003). Language-based information-flow security. IEEE J. Select. Areas Commun. 21(1): 5–19

    Article  Google Scholar 

  40. Smith, G., Volpano, D.: Secure information flow in a multi-threaded imperative language. In: Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, January 19–21, 1998, San Diego, pp. 1–10. ACM, New York (1998)

  41. Volpano D., Smith G. and Irvine C. (1996). A sound type system for secure flow analysis. J. Comput. Secur. 4(3): 167–187

    Google Scholar 

  42. Zanotti, M.: Security typings by abstract interpretation. In: Static Analysis, 9th International Symposium, SAS 2002, Madrid, Spain, September 17–20, 2002, Proceedrings, Vol. 2477 of Lecture Notes in Computer Science, pp. 360–375, Springer, Berlin (2002)

  43. Zdancewic, S., Myers, A.C.: Secure information flow via linear continuations. Higher Order Symbol. Comput. 15(2–3), 209–234, Kluwer, Dordrecht (2002)

Download references

Author information

Authors and Affiliations

  1. Dipartimento di Ingegneria dell’Informazione, Università di Pisa, Via Diotisalvi, 2, 52126, Pisa, Italy

    Nicoletta De Francesco & Luca Martini

Authors
  1. Nicoletta De Francesco
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Luca Martini
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Luca Martini.

Additional information

This work was partially supported by the Italian COFIN 2004 project “AIDA: Abstract Interpretation Design and Application”.

Rights and permissions

Reprints and permissions

About this article

Cite this article

De Francesco, N., Martini, L. Instruction-level security typing by abstract interpretation. Int. J. Inf. Secur. 6, 85–106 (2007). https://doi.org/10.1007/s10207-007-0015-0

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-007-0015-0

Keywords

Search

Navigation