Skip to main content
SpringerLink
Log in

A Proof System for Information Flow Security

  • Conference paper
  • First Online:
Logic Based Program Synthesis and Transformation (LOPSTR 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2664))

Abstract

Persistent_BNDC (P_BNDC, for short) is an information-flow security property for processes in dynamic contexts, i.e., contexts that can be reconfigured at runtime. Intuitively, P_BNDC requires that high level interactions never interfere with the low level behavior of the system, in every possible state. P_BNDC is verified by checking whether the system interacting with a high level component is bisimilar or not to the system in isolation. In this work we contribute to the verification of information-flow security in two respects: (i) we give an unwinding condition that allows us to express P_BNDC in terms of a local property on high level actions and (ii) we exploit this local property in order to define a proof system which provides a very efficient technique for the development and the verification of P_BNDC processes.

This work has been partially supported by the MURST project “Modelli formali per la sicurezza” and the EU Contract IST-2001-32617 “Models and Types for Security in Mobile Distributed Systems” (MyThS).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. M. Abadi. Secrecy by Typing in Security Protocols. Journal of the ACM, 46(5):749–786, 1999.

    Article  MATH  MathSciNet  Google Scholar 

  2. C. Bodei, P. Degano, F. Nielson, and H. Nielson. Static analysis for the pi-calculus with applications to security. Information and Computation, 168(1):68–92, 2001.

    Article  MATH  MathSciNet  Google Scholar 

  3. A. Bossi, R. Focardi, C. Piazza, and S. Rossi. Transforming processes to ensure and check information flow security. In H. Kirchner and C. Ringeissen, editors, Int. Conference on Algebraic Methodology and Software Technology (AMAST’02), volume 2422 of LNCS, pages 271–286. Springer, 2002.

    Chapter  Google Scholar 

  4. A. Bouali and R. de Simone. Symbolic Bisimulation Minimization. In Proc. of Computer Aided Verification, volume 663 of LNCS, pages 96–108. Springer, 1992.

    Google Scholar 

  5. G. Boudol and I. Castellani. Non-Interference for Concurrent Programs. In Proc. of Int. Colloquium on Automata, Languages and Programming, volume 2076 of LNCS, pages 382–395. Springer, 2001.

    Chapter  Google Scholar 

  6. C. Braghin, A. Cortesi, and R. Focardi. Control Flow Analysis of Mobile Ambients with Security Boundaries. In Proc. of IFIPM Int. Conf. on Formal Methods for Open Object-Based Distributed Systems, pages 197–212. Kluwer, 2002.

    Google Scholar 

  7. A. Dovier, C. Piazza, and A. Policriti. A Fast Bisimulation Algorithm. In Proc. of Computer Aided Verification, volume 2102 of LNCS, pages 79–90. Springer, 2001.

    Google Scholar 

  8. N. A. Durgin, J. C. Mitchell, and D. Pavlovic. A Compositional Logic for Protocol Correctness. In Proc. of Computer Security Foundations Workshop. IEEE, 2001.

    Google Scholar 

  9. R. Focardi and R. Gorrieri. The Compositional Security Checker: A Tool for the Verification of Information Flow Security Properties. IEEE Transactions on Software Engineering, 23(9):550–571, 1997.

    Article  Google Scholar 

  10. R. Focardi and R. Gorrieri. Classification of Security Properties (Part I: Information Flow). In R. Focardi and R. Gorrieri, editors, Foundations of Security Analysis and Design, volume 2171 of LNCS. Springer, 2001.

    Google Scholar 

  11. R. Focardi and S. Rossi. Information Flow Security in Dynamic Contexts. In Proc. of 15th Computer Security Foundations Workshop, pages 307–319. IEEE, 2002.

    Google Scholar 

  12. J. A. Goguen and J. Meseguer. Security Policies and Security Models. In Proc. of the IEEE Symp. on Security and Privacy, pages 11–20. IEEE, 1982.

    Google Scholar 

  13. M. Hennessy and J. Riely. Information Flow vs. Resource Access in the Asynchronous Pi-Calculus. In Proc. of Int. Colloquium on Automata, Languages and Programming (ICALP’00), volume 1853 of LNCS, pages 415–427. Springer, 2000.

    Chapter  Google Scholar 

  14. D. Lee and M. Yannakakis. Online Minimization of Transition Systems. In Proc. of 24th Symp. on Theory of Computing, pages 264–274. ACM, 1992.

    Google Scholar 

  15. H. Mantel. Possibilistic Definitions of Security — An Assebly Kit-. In Proc. of the IEEE Symp. on Security and Privacy, pages 185–199. IEEE, 2000.

    Google Scholar 

  16. H. Mantel. Unwinding Possibilistic Security Properties. In Proc. of European Symp. on Research in Computer Security, volume 2895 of LNCS. Springer, 2000.

    Google Scholar 

  17. F. Martinelli. Partial Model Checking and Theorem Proving for Ensuring Security Properties. In Proc. Computer Security Foundations Workshop. IEEE, 1998.

    Google Scholar 

  18. D. McCullough. A Hookup Theorem for Multilevel Security. IEEE Transactions on Software Engineering, pages 563–568, June 1990.

    Google Scholar 

  19. J. McLean. A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions. In Proc. Symp. on Security and Privacy, pages 79–93, 1994.

    Google Scholar 

  20. J. K. Millen. Unwinding Forward Correctability. In Proc. of 7th Computer Security Foundations Workshop, pages 2–10. IEEE, 1994.

    Google Scholar 

  21. R. Milner. Communication and Concurrency. Prentice-Hall, 1989.

    Google Scholar 

  22. R. Paige and R. E. Tarjan. Three Partition Refinement Algorithms. SIAM Journal on Computing, 16(6):973–989, 1987.

    Article  MATH  MathSciNet  Google Scholar 

  23. L. C. Paulson. Proving Properties of Security Protocols by Induction. In Proc. of 10th Computer Security Foundations Workshop, pages 70–83. IEEE, 1997.

    Google Scholar 

  24. J. Rushby. Noninterference, Transitivity, and Channel-Control Security Policies. Technical Report Technical Report CSL-92-02, SRI International, December 1992.

    Google Scholar 

  25. A. Sabelfeld and D. Sands. Probabilistic Noninterference for Multi-threaded Programs. In Proc. of Computer Security Foundations Workshop. IEEE, 2000.

    Google Scholar 

  26. S. Schneider. Verifying Authentication Protocols in CSP. IEEE Transactions on Software Engineering, 24(9), 1998.

    Google Scholar 

  27. V. Shmatikov and J. C. Mitchell. Analysis of a Fair Exchange Protocol. In Proc. of 7th Annual Symp. on Network and Distributed System Security, pages 119–128. Internet Society, 2000.

    Google Scholar 

  28. G. Smith and D. M. Volpano. Secure Information Flow in a Multi-threaded Imperative Language. In Proc. of 25th Symp. on Principles of Programming Languages, pages 355–364. ACM, 1998.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dipartimento di Informatica, Università Ca’ Foscari di Venezia, Italy

    Annalisa Bossi, Riccardo Focardi, Carla Piazza & Sabina Rossi

Authors
  1. Annalisa Bossi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Riccardo Focardi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Carla Piazza
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Sabina Rossi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dept. of Electronics and Computer Science, University of Southampton, Highfield, Southampton, SO17 1BJ, UK

    Michael Leuschel

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bossi, A., Focardi, R., Piazza, C., Rossi, S. (2003). A Proof System for Information Flow Security. In: Leuschel, M. (eds) Logic Based Program Synthesis and Transformation. LOPSTR 2002. Lecture Notes in Computer Science, vol 2664. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45013-0_16

Download citation

  • DOI: https://doi.org/10.1007/3-540-45013-0_16

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40438-5

  • Online ISBN: 978-3-540-45013-9

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation