Abstract
In many software applications, it is necessary to preserve the confidentiality of information. Therefore, security mechanisms are needed to ensure that secret information does not leak to unauthorized users. However, most language-based techniques for information flow control work post hoc: they decide whether an already written program violates a confidentiality policy. In contrast, in previous work we proposed a refinement-based approach for deriving programs that preserve confidentiality by construction. This approach follows the principles of Dijkstra's correctness-by-construction. In this extended abstract, we present the implementation and tool support for that refinement-based approach, which allows developers to specify the information flow policies first and then to create programs in a simple while language that comply with these policies by construction. In particular, we present the idea of confidentiality-by-construction using an example and discuss the IDE C-CorC that supports this development approach.
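To make the by-construction idea concrete, here is an added Python illustration; it is not part of the original abstract and is not the C-CorC tool's own calculus. It models the policy as a two-point lattice (LOW, HIGH), assumes simplified Volpano-Smith-style flow rules for assignment, sequence, selection and repetition as a stand-in for the paper's refinement rules, and uses a constructed policy and programs. The names Builder, FlowViolation, Stmt and POLICY are assumptions introduced for the example. The point it shows is the one the abstract makes: the policy is fixed first, and a program that would violate it cannot be built at all, so no post-hoc analysis is needed.

```python
"""Two-point-lattice model of confidentiality-by-construction for a while language.

Programs are assembled step by step through a Builder that refuses any
construction step whose result would let HIGH data reach a LOW variable.
Labels, rules, policy and programs are assumptions made for this illustration.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

LOW, HIGH = 0, 1  # LOW may flow to HIGH; HIGH must never reach LOW


class FlowViolation(Exception):
    """Raised when a construction step would violate the information flow policy."""


@dataclass(frozen=True)
class Stmt:
    kind: str             # 'skip' | 'assign' | 'seq' | 'if' | 'while'
    text: str             # rendering in the while language
    min_write_label: int  # lowest label of any variable written (HIGH if none)
    children: Tuple["Stmt", ...] = ()


class Builder:
    """Each method is one construction step; it returns a Stmt or raises."""

    def __init__(self, policy: Dict[str, int]):
        self.policy = policy  # variable name -> label, fixed before any code is written

    def level(self, uses: Iterable[str]) -> int:
        # The label of an expression is the join (max) of the labels it reads.
        return max((self.policy[v] for v in uses), default=LOW)

    def skip(self) -> Stmt:
        return Stmt("skip", "skip", HIGH)

    def assign(self, target: str, expr: str, uses: Iterable[str]) -> Stmt:
        uses = frozenset(uses)
        src, dst = self.level(uses), self.policy[target]
        if src > dst:  # explicit flow: a HIGH expression into a LOW variable
            raise FlowViolation(f"explicit flow: {sorted(uses)} -> {target}")
        return Stmt("assign", f"{target} := {expr}", dst)

    def seq(self, first: Stmt, *rest: Stmt) -> Stmt:
        parts = (first,) + rest
        return Stmt("seq", "; ".join(s.text for s in parts),
                    min(s.min_write_label for s in parts), parts)

    def if_(self, guard: str, guard_uses: Iterable[str], then: Stmt, els: Stmt) -> Stmt:
        guard_uses = frozenset(guard_uses)
        g, low = self.level(guard_uses), min(then.min_write_label, els.min_write_label)
        if g > low:  # implicit flow: a HIGH guard controls a LOW write
            raise FlowViolation(f"implicit flow: guard on {sorted(guard_uses)} controls a LOW write")
        return Stmt("if", f"if {guard} then {then.text} else {els.text} fi", low, (then, els))

    def while_(self, guard: str, guard_uses: Iterable[str], body: Stmt) -> Stmt:
        guard_uses = frozenset(guard_uses)
        if self.level(guard_uses) > body.min_write_label:  # same implicit-flow rule
            raise FlowViolation(f"implicit flow: guard on {sorted(guard_uses)} controls a LOW write")
        return Stmt("while", f"while {guard} do {body.text} od", body.min_write_label, (body,))


# Constructed policy: 'secret' and 'h' are HIGH, 'out' and 'i' are LOW.
POLICY = {"secret": HIGH, "h": HIGH, "out": LOW, "i": LOW}


def derive_secure_program() -> Stmt:
    """Every step respects POLICY, so the resulting program is secure by construction."""
    b = Builder(POLICY)
    return b.seq(
        b.assign("h", "secret + 1", {"secret"}),          # HIGH -> HIGH
        b.assign("out", "i * 2", {"i"}),                  # LOW -> LOW
        b.if_("i > 0", {"i"},                             # LOW guard over a LOW write
              b.assign("out", "out + 1", {"out"}), b.skip()),
    )


def attempt_explicit_leak() -> str:
    """Copying a HIGH variable into a LOW one is rejected at the assignment step."""
    try:
        Builder(POLICY).assign("out", "secret", {"secret"})
    except FlowViolation as e:
        return str(e)
    return "no violation"


def attempt_implicit_leak() -> str:
    """A loop guarded by HIGH data that writes LOW data is rejected at the loop step."""
    b = Builder(POLICY)
    body = b.seq(b.assign("out", "out + 1", {"out"}),
                 b.assign("secret", "secret - 1", {"secret"}))
    try:
        b.while_("secret > 0", {"secret"}, body)
    except FlowViolation as e:
        return str(e)
    return "no violation"


if __name__ == "__main__":
    print(derive_secure_program().text)
    print(attempt_explicit_leak())
    print(attempt_implicit_leak())
```

Two caveats a practitioner should keep in mind. First, this model rejects a program at the step that introduces the flow, which is the by-construction discipline the abstract describes, but the real C-CorC approach works by refining a specification downwards rather than by composing typed statements upwards; the checks above are only a stand-in for its rules. Second, like the classic security type system it borrows from, the model ignores termination and timing channels: the rejected loop would still leak the magnitude of `secret` through its running time even if `out` were never written inside it.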