Abstract
Non-interference happens when some elements of a dynamic system do not interfere, i.e., do not affect, other elements in the same system. Originally introduced in language-based security, non-interference means that the manipulation of private information has no effect on public observations of data. In this article, we introduce abstract non-interference as a weakening of non-interference by abstract interpretation. Abstract non-interference is parametric on which private information we want to protect and which are the observational capabilities of the external observer, i.e., what the attacker can observe of a computation and of the data manipulated during the computation. This allows us to model a variety of situations in information-flow security, where the security of a system can be mastered by controlling the degree of precision of the strongest harmless attacker and the properties that are potentially leaked in case of successful attack.
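As an added example (not part of the paper), the following Python script checks narrow abstract non-interference by enumeration over a small constructed integer domain: the observer's capability on public inputs and outputs is modelled as an abstraction function, and the strongest harmless attacker is located among a list of candidate observers. The program names, domain and observer list are all constructed for illustration.

```python
from itertools import product

# Constructed finite value domain standing in for the integers (not from the paper).
DOMAIN = range(-4, 5)

# Observational capabilities, modelled as abstraction functions on values:
# the attacker sees only the abstract value, never the concrete one.
ID = lambda x: x                    # identity: exact values are observable
PAR = lambda x: x % 2               # parity: only even/odd is observable
SIGN = lambda x: (x > 0) - (x < 0)  # sign: only -1, 0, +1 is observable
TOP = lambda x: None                # top: nothing is observable

def abstract_ni(program, eta, rho, domain=DOMAIN):
    """Narrow abstract non-interference (eta)program(rho), checked by enumeration.

    program(h, l) maps private input h and public input l to the public output.
    The property holds when every two public inputs that eta cannot distinguish,
    combined with any private inputs, yield rho-indistinguishable public outputs.
    Returns (True, None) or (False, counterexample) with the two offending runs.
    """
    for l1, l2 in product(domain, repeat=2):
        if eta(l1) != eta(l2):
            continue  # observer can tell l1 from l2, so this pair is unconstrained
        for h1, h2 in product(domain, repeat=2):
            if rho(program(h1, l1)) != rho(program(h2, l2)):
                return False, ((h1, l1), (h2, l2))
    return True, None

def strongest_harmless(program, eta, observers):
    """Name of the first observer in `observers` (listed by the caller from most
    to least precise) under which the program is secure: the strongest harmless
    attacker among the candidates, i.e. the most that can safely be observed."""
    for name, rho in observers:
        if abstract_ni(program, eta, rho)[0]:
            return name
    return None

OBSERVERS = [("identity", ID), ("sign", SIGN), ("parity", PAR), ("top", TOP)]

# Constructed example programs: functions of (h, l) returning the public output.
def two_h_plus_l(h, l):        # l := 2*h + l : leaks h exactly, never its parity
    return 2 * h + l

def h_squared_plus_one(h, l):  # l := h*h + 1 : leaks |h|, but output is always positive
    return h * h + 1

if __name__ == "__main__":
    print(abstract_ni(two_h_plus_l, ID, ID))                      # (False, ...)
    print(abstract_ni(two_h_plus_l, PAR, PAR))                    # (True, None)
    print(strongest_harmless(two_h_plus_l, PAR, OBSERVERS))       # parity
    print(strongest_harmless(h_squared_plus_one, ID, OBSERVERS))  # sign
```

The same program is insecure against an identity observer yet secure against a parity or sign observer, which is exactly the weakening of non-interference the abstract describes: security is relative to what the attacker can observe.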
Abstract Non-Interference: A Unifying Framework for Weakening Information-flow