Abstract
Information-flow control mechanisms are difficult to design and labor-intensive to prove correct. To reduce the time wasted on proof attempts doomed to fail due to broken definitions, we advocate modern random testing techniques for finding counterexamples during the design process. We show how to use QuickCheck, a property-based random-testing tool, to guide the design of a simple information-flow abstract machine. We find that both sophisticated strategies for generating well-distributed random programs and readily falsifiable formulations of noninterference properties are critically important. We propose several approaches and evaluate their effectiveness on a collection of injected bugs of varying subtlety. We also present an effective technique for shrinking large counterexamples to minimal, easily comprehensible ones. Taken together, our best methods enable us to quickly and automatically generate simple counterexamples for all these bugs.
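As an added illustration of the workflow the abstract describes (this is not code from the paper or its authors, who work in Haskell with QuickCheck on a richer machine), the following Python sketch builds a tiny stack machine with two-point labels (L for public, H for secret), a stack-depth-aware random program generator, a noninterference property phrased so that it is directly falsifiable (two low-equivalent initial stacks must yield the same publicly observable output trace), one injected bug (the `add` instruction drops the label of its second operand), and a greedy shrinker that deletes instructions while the property still fails. The instruction set, the bug, the generator heuristics and the shrinking strategy are all my own simplifications and assumptions chosen to make the idea concrete.

```python
import random

L, H = "L", "H"  # security labels: L = public/low, H = secret/high


def join(a, b):
    """Least upper bound of two labels: anything touched by H is H."""
    return H if H in (a, b) else L


# Instructions: ("push", n), ("dup",), ("add",), ("output",).
# The stack holds (value, label) pairs; the output trace records what was emitted.
def step(instr, stack, out, buggy):
    """Execute one instruction in place. Returns False on stack underflow (machine halts)."""
    op = instr[0]
    if op == "push":
        stack.append((instr[1], L))  # program constants are public
    elif op == "dup":
        if not stack:
            return False
        stack.append(stack[-1])
    elif op == "add":
        if len(stack) < 2:
            return False
        (x, lx), (y, ly) = stack.pop(), stack.pop()
        # Injected bug (assumed for illustration): forget to join in the second operand's label.
        label = lx if buggy else join(lx, ly)
        stack.append((x + y, label))
    elif op == "output":
        if not stack:
            return False
        out.append(stack.pop())
    return True


def run(program, stack, buggy=False):
    """Run a program to completion or underflow; return the labelled output trace."""
    stack, out = list(stack), []
    for instr in program:
        if not step(instr, stack, out, buggy):
            break
    return out


def low_view(out):
    """What a public observer sees: only L-labelled outputs, in order."""
    return [v for v, lab in out if lab == L]


def low_equiv_states(s1, s2):
    """Initial stacks are low-equivalent if labels agree and L values agree (H values may differ)."""
    return len(s1) == len(s2) and all(
        l1 == l2 and (l1 == H or v1 == v2) for (v1, l1), (v2, l2) in zip(s1, s2))


def noninterference(program, s1, s2, buggy=False):
    """Falsifiable property: low-equivalent inputs must give identical public output traces."""
    assert low_equiv_states(s1, s2)
    return low_view(run(program, s1, buggy)) == low_view(run(program, s2, buggy))


def gen_stack_pair(rng, n):
    """Generate two low-equivalent initial stacks of length n (constructed sample input)."""
    s1, s2 = [], []
    for _ in range(n):
        lab, v = rng.choice([L, H]), rng.randint(0, 9)
        s1.append((v, lab))
        s2.append((v if lab == L else rng.randint(0, 9), lab))
    return s1, s2


def gen_program(rng, length, depth):
    """Generate a program that never underflows, by tracking the stack depth while choosing."""
    prog = []
    for _ in range(length):
        choices = [("push", rng.randint(0, 9))]
        if depth >= 1:
            choices += [("dup",), ("output",)]
        if depth >= 2:
            choices.append(("add",))
        instr = rng.choice(choices)
        prog.append(instr)
        depth += {"push": 1, "dup": 1, "output": -1, "add": -1}[instr[0]]
    return prog


def find_counterexample(buggy, seed=0, tests=2000):
    """Random testing loop: return (program, s1, s2) violating noninterference, or None."""
    rng = random.Random(seed)
    for _ in range(tests):
        n = rng.randint(0, 4)
        s1, s2 = gen_stack_pair(rng, n)
        prog = gen_program(rng, rng.randint(1, 8), n)
        if not noninterference(prog, s1, s2, buggy):
            return prog, s1, s2
    return None


def shrink(prog, s1, s2, buggy):
    """Greedy shrinking: drop single instructions as long as the property keeps failing."""
    changed = True
    while changed:
        changed = False
        for i in range(len(prog)):
            cand = prog[:i] + prog[i + 1:]
            if not noninterference(cand, s1, s2, buggy):
                prog, changed = cand, True
                break
    return prog


if __name__ == "__main__":
    print("correct machine:", find_counterexample(buggy=False))
    found = find_counterexample(buggy=True)
    prog, s1, s2 = found
    print("buggy machine, raw counterexample:", prog, s1, s2)
    print("after shrinking:", shrink(prog, s1, s2, buggy=True))
```

The property is stated on observable output traces rather than on whole final states, which is what makes a single random run falsify it: the moment a secret-derived value reaches the public trace, the two runs disagree. The generator's depth tracking is a deliberately modest version of the paper's point that uniformly random instruction sequences mostly crash before they can leak anything.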