DOI: 10.1145/1111037.1111044 (POPL conference proceedings)
Article

Decidability and proof systems for language-based noninterference relations

Published: 11 January 2006

ABSTRACT

Noninterference is the basic semantical condition used to account for confidentiality and integrity-related properties in programming languages. There appears to be an at least implicit belief in the programming languages community that partial approaches based on type systems or other static analysis techniques are necessary for noninterference analyses to be tractable. In this paper we show that this belief is not necessarily true. We focus on the notion of strong low bisimulation proposed by Sabelfeld and Sands. We show that, relative to a decidable expression theory, strong low bisimulation is decidable for a simple parallel while-language, and we give a sound and relatively complete proof system for deriving noninterference assertions. The completeness proof provides an effective proof search strategy. Moreover, we show that common alternative noninterference relations based on traces or input-output relations are undecidable. The first part of the paper is cast in terms of multi-level security. In the second part of the paper we generalize the setting to accommodate a form of intransitive interference. We discuss the model and show how the decidability and proof system results generalize to this richer setting.
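The two kinds of relation the abstract contrasts, as an added illustration that is not the paper's own code or formalism: a brute-force check of strong low bisimulation (a program is secure iff it is bisimilar to itself) for a tiny deterministic while-language, next to an input-output noninterference check. The tuple encoding of commands, the restriction of variables to {0, 1} (which makes the state space finite), and the sample programs are my assumptions; the TIMING program is input-output noninterfering but not strongly low-bisimilar, because its two branches take different numbers of steps.

```python
from itertools import product
STOP = ('stop',)  # the terminated command

def step(c, s):  # one deterministic small step of command c in state s -> (c', s')
    if c[0] == 'assign':                   # ('assign', x, e)
        return STOP, {**s, c[1]: c[2](s)}
    if c[0] == 'seq':                      # ('seq', c1, c2)
        c1, s1 = step(c[1], s)
        return (c[2] if c1 == STOP else ('seq', c1, c[2])), s1
    if c[0] == 'if':                       # ('if', e, c1, c2): choosing a branch costs one step
        return (c[2] if c[1](s) else c[3]), s
    if c[0] == 'while':                    # ('while', e, body)
        return (('seq', c[2], c) if c[1](s) else STOP), s
    return STOP, s                         # ('skip',)
def states(variables):  # all states with values in {0, 1}: a finite state space by assumption
    return [dict(zip(variables, v)) for v in product((0, 1), repeat=len(variables))]
def low_equal(s, t, low):
    return all(s[x] == t[x] for x in low)

def strong_low_bisimilar(c, variables, low):
    # c is secure iff c ~ c. Collect every pair of residual commands reachable from (c, c)
    # in low-equal states, then drop pairs whose steps fail to match until nothing changes.
    sts = states(variables)
    lowpairs = [(s, t) for s, t in product(sts, sts) if low_equal(s, t, low)]
    pairs, todo = {(c, c)}, [(c, c)]
    while todo:
        a, b = todo.pop()
        for s, t in (lowpairs if STOP not in (a, b) else ()):
            p = (step(a, s)[0], step(b, t)[0])
            if p not in pairs: pairs.add(p); todo.append(p)
    def matched(a, b):  # a terminated command matches only another terminated one
        return a == b if STOP in (a, b) else all(
            low_equal(s2, t2, low) and (a2, b2) in pairs
            for s, t in lowpairs for (a2, s2), (b2, t2) in [(step(a, s), step(b, t))])
    while True:
        bad = {p for p in pairs if not matched(*p)}
        if not bad: return (c, c) in pairs
        pairs -= bad
def run(c, s):  # run c to termination (assumes c terminates from every state)
    while c != STOP: c, s = step(c, s)
    return s
def io_noninterfering(c, variables, low):  # low-equal inputs give low-equal final states
    sts = states(variables)
    return all(low_equal(run(c, s), run(c, t), low)
               for s, t in product(sts, sts) if low_equal(s, t, low))

H = lambda s: s['h']                       # variable h is high, l is low (constructed programs)
LEAK = ('assign', 'l', H)                  # l := h, an explicit flow
SAME = ('if', H, ('assign', 'l', lambda s: 1), ('assign', 'l', lambda s: 1))
TIMING = ('if', H, ('seq', ('skip',), ('assign', 'l', lambda s: 0)), ('assign', 'l', lambda s: 0))
```

Calling `strong_low_bisimilar(TIMING, ['h', 'l'], ['l'])` and `io_noninterfering(TIMING, ['h', 'l'], ['l'])` gives False and True respectively, which is the gap between the bisimulation-based and the input-output relation that the abstract refers to.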

References

  1. J. Agat. Transforming out timing leaks. In Proceedings of the 27th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), pages 40--53, Boston, MA, January 2000. ACM.
  2. T. Amtoft, S. Bandhakavi, and A. Banerjee. A logic for information flow analysis of pointer programs. In Proc. POPL'06. ACM, 2006.
  3. G. Barthe and T. Rezk. Non-interference for a JVM-like language. In Proc. ACM SIGPLAN International Workshop on Types in Languages Design and Implementation (TLDI), pages 103--112. ACM, 2005.
  4. D. E. Bell and L. J. LaPadula. Secure computer systems: Unified exposition and MULTICS interpretation. Technical Report MTR-2997, Mitre Corp., Bedford, Mass., USA, June 1976.
  5. G. Boudol and I. Castellani. Noninterference for concurrent programs and thread systems. Theor. Comput. Sci., 281(1--2):109--130, 2002.
  6. G. Boudol and A. Matos. On declassification and the non-disclosure policy. In Proc. Computer Security Foundations Workshop, pages 226--240, 2005.
  7. S. Chong and A. C. Myers. Security policies for downgrading. In Proc. ACM Conference on Computer and Communications Security, pages 198--209, 2004.
  8. S. Christensen, Y. Hirshfeld, and F. Moller. Bisimulation equivalence is decidable for basic parallel processes. In Proc. CONCUR'93, volume 715 of Lecture Notes in Computer Science, pages 143--157. Springer, 1993.
  9. M. Dam and P. Giambiagi. Confidentiality for mobile code: The case of a simple payment protocol. In Proc. Computer Security Foundations Workshop, pages 233--244, 2000.
  10. Á. Darvas, R. Hähnle, and D. Sands. A theorem proving approach to analysis of secure information flow. In Proc. Second International Conference on Security in Pervasive Computing, volume 3450 of Lecture Notes in Computer Science, pages 193--209. Springer, 2005.
  11. D. E. Denning. A lattice model of secure information flow. Communications of the ACM, 19(5):236--243, 1976.
  12. D. E. Denning and P. J. Denning. Certification of programs for secure information flow. Communications of the ACM, 20(7):504--513, July 1977.
  13. R. Focardi and R. Gorrieri. A classification of security properties for process algebras. Journal of Computer Security, 3(1):5--33, 1995.
  14. R. Focardi and S. Rossi. Information flow security in dynamic contexts. In Proc. 15th Computer Security Foundations Workshop, pages 307--319, 2002.
  15. R. Focardi, S. Rossi, and A. Sabelfeld. Bridging language-based and process calculi security. In Proc. FoSSaCS, pages 299--315, 2005.
  16. S. Genaim and F. Spoto. Information flow analysis for Java bytecode. In Proc. VMCAI'05, volume 3385 of Lecture Notes in Computer Science, pages 346--362. Springer, 2005.
  17. P. Giambiagi and M. Dam. On the secure implementation of security protocols. Sci. Comput. Program., 50(1--3):73--99, 2004.
  18. J. A. Goguen and J. Meseguer. Security policies and security models. In Proceedings of the 1982 IEEE Symposium on Security and Privacy, pages 11--20, Oakland, CA, 1982.
  19. N. Heintze and J. G. Riecke. The SLam Calculus: Programming with secrecy and integrity. In Proc. POPL'98, pages 365--377, 1998.
  20. P. Li and S. Zdancewic. Downgrading policies and relaxed noninterference. In Proc. POPL'05, pages 158--170, 2005.
  21. H. Mantel. Possibilistic definitions of security -- an assembly kit. In Proc. Computer Security Foundations Workshop, pages 185--199, 2000.
  22. H. Mantel. Information flow control and applications -- bridging a gap. In Proc. FME, pages 153--172, 2001.
  23. H. Mantel and D. Sands. Controlled declassification based on intransitive noninterference. In Proc. APLAS, pages 129--145, 2004.
  24. R. Medel, A. B. Compagnoni, and E. Bonelli. A typed assembly language for non-interference. In Proc. Italian Conference on Theoretical Computer Science, volume 3701 of Lecture Notes in Computer Science, pages 360--374. Springer, 2005.
  25. R. Milner. Communication and Concurrency. Prentice-Hall, 1989.
  26. J. Rushby. Noninterference, transitivity, and channel-control security policies. Technical Report CSL-92-2, Stanford Research Institute, 1992.
  27. A. Sabelfeld. Confidentiality for multithreaded programs via bisimulation. In Proc. A. Ershov 5th International Conference on Perspectives of System Informatics, volume 2890 of Lecture Notes in Computer Science, pages 260--274. Springer, 2003.
  28. A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):1--15, January 2003.
  29. A. Sabelfeld and A. C. Myers. A model for delimited information release. In Proc. International Symposium on Software Security, volume 3233 of Lecture Notes in Computer Science, pages 174--191. Springer, 2003.
  30. A. Sabelfeld and D. Sands. Probabilistic noninterference for multi-threaded programs. In Proc. Computer Security Foundations Workshop, pages 200--214, 2000.
  31. A. Sabelfeld and D. Sands. A PER model of secure information flow in sequential programs. Higher-Order and Symbolic Computation, 14(1):59--91, 2001.
  32. A. Sabelfeld and D. Sands. Dimensions and principles of declassification. In Proc. 18th Computer Security Foundations Workshop, pages 255--269, 2005.
  33. G. Smith and D. Volpano. Secure information flow in a multi-threaded imperative language. In Proc. POPL'98, pages 355--364, 1998.
  34. T. Terauchi and A. Aiken. Secure information flow as a safety problem. In Proc. SAS'05, volume 3672 of Lecture Notes in Computer Science, pages 352--367. Springer, 2005.
  35. D. Volpano and G. Smith. Probabilistic noninterference in a concurrent language. In Proceedings of the 11th IEEE Computer Security Foundations Workshop, pages 34--43, Rockport, MA, June 1998.
  36. D. Volpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4(3):167--187, 1996.
  37. L. Zheng and A. C. Myers. Dynamic security labels and noninterference. In Proc. 2nd IFIP TC1 WG1.7 Workshop on Formal Aspects in Security and Trust (FAST), pages 27--40, 2004.
