Research article

Abstract Non-Interference: A Unifying Framework for Weakening Information-flow

Published: 05 February 2018

Abstract

Non-interference holds when some elements of a dynamic system do not interfere with, i.e., do not affect, other elements of the same system. Originally introduced in language-based security, non-interference means that manipulating private information has no effect on public observations of data. In this article, we introduce abstract non-interference, a weakening of non-interference obtained by abstract interpretation. Abstract non-interference is parametric on which private information we want to protect and on the observational capabilities of the external observer, i.e., on what the attacker can observe of a computation and of the data manipulated during the computation. This allows us to model a variety of situations in information-flow security, where the security of a system can be controlled through the degree of precision of the strongest harmless attacker and through the properties that are potentially leaked in case of a successful attack.
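As an added illustration of the two notions the abstract contrasts (this is not code from the article, which defines them in terms of abstract domains rather than by enumeration), the following Python script brute-forces standard non-interference and an abstracted variant on small finite domains. It assumes 4-bit secret and public inputs, models every abstraction as a partition of the value domain given by a labelling function (a simplification of the closure operators the framework actually uses), and uses constructed sample programs (`copy_secret`, `double_secret`, `second_bit`, `add_public`) and observers (`identity`, `parity`, `top`) that do not appear in the article. The parameter names `phi`, `eta` and `rho` for the private-input, public-input and public-output abstractions are this example's own, and the `strongest_harmless_observer` search over a fixed candidate list is a finite stand-in for the strongest harmless attacker the article derives analytically.

```python
"""Brute-force checks of non-interference (NI) and an abstracted variant on
small finite domains.  Added illustration only; this is not code from the
article.  Every abstraction is modelled as a partition of the value domain,
given by a function that maps a value to the label of its class; this is an
assumption that simplifies the closure-operator view used in the article."""
from itertools import product

# Constructed domains: 4-bit private (secret) and 4-bit public inputs.
SECRETS = range(16)
PUBLICS = range(16)


# --- abstractions (partitions), from most to least precise -------------------
def identity(x):
    """Concrete view: every value is its own class."""
    return x


def parity(x):
    """The observer sees only whether a value is even or odd."""
    return x % 2


def top(_x):
    """Coarsest view: the observer sees nothing at all."""
    return 0


# --- constructed sample programs: (secret h, public l) -> public output ------
def copy_secret(h, l):
    return h                 # l := h       leaks everything


def double_secret(h, l):
    return 2 * h             # l := 2 * h   leaks h, but the output is always even


def second_bit(h, l):
    return (h // 2) % 2      # l := bit 1 of h; says nothing about h's parity


def add_public(h, l):
    return l + 1             # l := l + 1   does not depend on h at all


# --- the two properties -------------------------------------------------------
def non_interference(prog, secrets=SECRETS, publics=PUBLICS):
    """Standard NI: for each public input, the public output is the same
    whatever the secret input was (the attacker sees outputs exactly)."""
    return all(len({prog(h, l) for h in secrets}) == 1 for l in publics)


def abstract_non_interference(prog, phi=identity, eta=identity, rho=identity,
                              secrets=SECRETS, publics=PUBLICS):
    """Weakened NI, parametric on three abstractions:
         phi: which property of the secret is protected (secrets in the same
              phi-class must stay indistinguishable to the attacker),
         eta: what the attacker sees of the public input,
         rho: what the attacker sees of the public output.
    The program is run on whole classes of inputs (a collecting semantics) and
    the rho-view of the resulting outputs must not depend on the phi-class of
    the secret.  With all three set to `identity` this is exactly NI."""
    def view(h, l):
        h_class = [h2 for h2 in secrets if phi(h2) == phi(h)]
        l_class = [l2 for l2 in publics if eta(l2) == eta(l)]
        return frozenset(rho(prog(h2, l2))
                         for h2, l2 in product(h_class, l_class))

    return all(len({view(h, l) for h in secrets}) == 1 for l in publics)


# Candidate observers, most precise first, used to find the most precise
# output view under which a program is still secure (a finite stand-in for the
# article's "strongest harmless attacker", which it derives analytically).
OBSERVERS = [("identity", identity), ("mod4", lambda x: x % 4),
             ("parity", parity), ("top", top)]


def strongest_harmless_observer(prog, phi=identity, eta=identity):
    """Name of the most precise candidate observer that learns nothing."""
    for name, rho in OBSERVERS:
        if abstract_non_interference(prog, phi=phi, eta=eta, rho=rho):
            return name
    return None


if __name__ == "__main__":
    for prog in (copy_secret, double_secret, second_bit, add_public):
        print(f"{prog.__name__:14s} NI={non_interference(prog)!s:5s} "
              f"ANI(rho=parity)={abstract_non_interference(prog, rho=parity)!s:5s} "
              f"ANI(phi=parity)={abstract_non_interference(prog, phi=parity)!s:5s} "
              f"strongest harmless observer={strongest_harmless_observer(prog)}")
```

Running it shows the two directions of weakening. `double_secret` violates standard NI, yet an attacker who can only observe the parity of the output learns nothing from it, so `parity` is its strongest harmless observer among the candidates; `second_bit` leaks one bit of the secret, but if the property we choose to protect is only the secret's parity (`phi=parity`) the program is secure even against a concrete observer, whereas `copy_secret` fails under every non-trivial choice. The enumeration is only feasible on finite domains; the article's framework reaches the same conclusions on unbounded domains by reasoning over abstract domains rather than over individual values.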
