
Improved typings for probabilistic noninterference in a multi-threaded language

Geoffrey Smith
2006 Journal of Computer Security  
In the context of a multi-threaded imperative language with probabilistic scheduling, the goal can be formalized as a probabilistic noninterference property.  ...  We prove that well-typed multi-threaded programs satisfy a property that we call weak probabilistic noninterference; it is based on a notion of weak probabilistic bisimulation for Markov chains, allowing  ...  Then, in Section 6, we prove that every well-typed multi-threaded program satisfies weak probabilistic noninterference.  ... 
doi:10.3233/jcs-2006-14605 fatcat:tfzcysrsrnctni3fs2ah2vfrri

Checking probabilistic noninterference using JOANA

Gregor Snelting, Dennis Giffhorn, Jürgen Graf, Christian Hammer, Martin Hecker, Martin Mohr, Daniel Wasserrab
2014 it - Information Technology  
It includes a new algorithm guaranteeing probabilistic noninterference, named RLSOD. JOANA needs few annotations and has a nice GUI. The tool is open source and was applied in several case studies.  ...  Abstract: JOANA is a tool for software security analysis, checking up to 100 kLOC of full multi-threaded Java. JOANA is based on sophisticated program analysis techniques and thus very precise.  ...  JOANA was supported by DFG (including DFG SPP 1496 "Reliably secure software systems") and BMBF in the scope of the software security competence center KASTEL.  ... 
doi:10.1515/itit-2014-1051 fatcat:4co5hezc5vepjbaozpvxm4avny

Noninterfering Schedulers [chapter]

Andrei Popescu, Johannes Hölzl, Tobias Nipkow
2013 Lecture Notes in Computer Science  
Noninterfering schedulers are proved to be safe in the following sense: if a multi-threaded program is possibilistically noninterfering, then it is also probabilistically noninterfering when run under  ...  We develop a framework for expressing and analyzing the behavior of probabilistic schedulers.  ...  We thank Jasmin Blanchette and the referees for useful comments and suggestions.  ... 
doi:10.1007/978-3-642-40206-7_18 fatcat:eemioxa35jgjfbdkrcbwkaqnrq

Noninterference for concurrent programs and thread systems

Gérard Boudol, Ilaria Castellani
2002 Theoretical Computer Science  
We propose a type system to ensure the property of noninterference in a system of concurrent programs, described in a standard imperative language enriched with parallelism.  ...  Moreover, we show how to extend the language in order to formalise scheduling policies for systems of sequential threads.  ...  Acknowledgements We would like to thank Geoffrey Smith for his interest in, and comments on the submitted version of this paper, and the anonymous referees, whose questions and suggestions led us to largely  ... 
doi:10.1016/s0304-3975(02)00010-5 fatcat:fqdzcnga55cq5l4o6hvby2xdma

Confidentiality for Probabilistic Multi-threaded Programs and Its Verification [chapter]

Tri Minh Ngo, Mariëlle Stoelinga, Marieke Huisman
2013 Lecture Notes in Computer Science  
This paper proposes a new notion of confidentiality for probabilistic and non-probabilistic multi-threaded programs, formalized as scheduler-specific probabilistic observational determinism (SSPOD), together  ...  This holds in particular for multi-threaded applications, which are generally seen as the future of high-performance computing.  ...  A number of efficient algorithms for checking equivalence between probabilistic languages have been developed, the classical ones in [10, 28], and the improved variants in [11, 16].  ... 
doi:10.1007/978-3-642-36563-8_8 fatcat:l5xkf2po6vg63put6wrdp2vsta

Proving Concurrent Noninterference [chapter]

Andrei Popescu, Johannes Hölzl, Tobias Nipkow
2012 Lecture Notes in Computer Science  
We perform a formal analysis of compositionality techniques for proving possibilistic noninterference for a while language with parallel composition.  ...  from the literature and suggests a further improved type system.  ...  We are grateful to Jasmin Blanchette for lots of suggestions that have significantly improved the presentation of this paper, to Benedict Nordhoff and Peter Lammich for noticing various technical typos,  ... 
doi:10.1007/978-3-642-35308-6_11 fatcat:na4uo3gj7bhgzchptqn7sqkjbq

Assumptions and Guarantees for Compositional Noninterference

Heiko Mantel, David Sands, Henning Sudbrock
2011 IEEE 24th Computer Security Foundations Symposium  
We illustrate the improved precision by developing the first flow-sensitive security type system that provably enforces a noninterference-like property for concurrent programs.  ...  Since in practice it is only meaningful to compose threads which follow an agreed protocol for data access, we take advantage of this to develop a more liberal compositional security condition.  ...  This work was partially funded by the DFG (German research foundation) under the projects FM-SecEng in the Computer Science Action Program (MA 3326/1-2) and RSCP in the priority programme RS 3 (MA 3326  ... 
doi:10.1109/csf.2011.22 dblp:conf/csfw/MantelSS11 fatcat:ldr7p73czzcl5egspa5nxcdnom

Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs

Christian Hammer, Gregor Snelting
2009 International Journal of Information Security  
We explain PDGs for sequential and multi-threaded programs, and explain precision gains due to flow-, context-, and object-sensitivity.  ...  We then augment PDGs with a lattice of security levels and introduce the flow equations for IFC. We describe algorithms for flow computation in detail and prove their correctness.  ...  Acknowledgements We thank Jens Krinke, who contributed to previous versions of this work, for ongoing discussions on IFC; and Frank Nodes for implementing the Eclipse integration.  ... 
doi:10.1007/s10207-009-0086-1 fatcat:ziiyafhqn5ed3epewrob2atp5u

Hybrid Monitors for Concurrent Noninterference

Aslan Askarov, Stephen Chong, Heiko Mantel
2015 IEEE 28th Computer Security Foundations Symposium  
In our framework, each thread is guarded by its own local monitor, and there is a single global monitor.  ...  This problem is exacerbated if threads share resources at fine granularity. In this work, we propose a novel monitoring framework to enforce strong information security in concurrent programs.  ...  The second author thanks the programming languages group at Harvard University for the inspiring environment during his sabbatical.  ... 
doi:10.1109/csf.2015.17 dblp:conf/csfw/AskarovCM15 fatcat:eaasz2hpmfhwlanalzmxjuu3z4

Flexible Scheduler-Independent Security [chapter]

Heiko Mantel, Henning Sudbrock
2010 Lecture Notes in Computer Science  
We propose an approach to certify the information flow security of multi-threaded programs independently from the scheduling algorithm.  ...  The key insight in our development of a novel scheduler-independent information flow property was the identification of a suitable class of schedulers that covers the most relevant schedulers.  ...  The authors thank Dave Sands for helpful comments in the early phase of this research project and the anonymous reviewers for their suggestions.  ... 
doi:10.1007/978-3-642-15497-3_8 fatcat:rtj37khuczel3hevc3l4junbki

Securing interaction between threads and the scheduler in the presence of synchronization

Alejandro Russo, Andrei Sabelfeld
2009 The Journal of Logic and Algebraic Programming  
In particular, the language should be able to treat dynamic thread creation, as well as provide possibilities for synchronization.  ...  The type system guarantees security for a wide class of schedulers and provides a flexible and efficiency-friendly treatment of dynamic threads.  ...  Acknowledgments We wish to thank our colleagues in the ProSec group at Chalmers, partners in the Mobius project, and the anonymous reviewers for helpful feedback.  ... 
doi:10.1016/j.jlap.2008.09.003 fatcat:hb7uxm3dovhpxekr2zzosrsdr4

Proceedings of the Third Workshop on Formal Integrated Development Environment

Kim G. Larsen
2017 Electronic Proceedings in Theoretical Computer Science  
Future Work We are currently working on connecting the calculated summaries to a parameterised unit testing framework.  ...  I have started this work together with Zoltán Ésik when I visited him in Szeged in February 2016. Unfortunately, Zoltán did not live to see it completed.  ...  For instance, erasing an argument in a multi-argument function might depend on the value (or type) of some other arguments.  ... 
doi:10.4204/eptcs.240.0.1 fatcat:imfjolcxmrfm7kqiz523rbyj5i

Precise enforcement of progress-sensitive security

Scott Moore, Aslan Askarov, Stephen Chong
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
We have instantiated the oracle for a simple imperative language with a logical abstract interpretation that uses an SMT solver to synthesize linear rank functions.  ...  We propose a type system and instrumented semantics that together enforce progress-sensitive security more precisely than existing approaches.  ...  Acknowledgements We thank the anonymous reviewers for their helpful comments. Andrei Sabelfeld provided helpful comments.  ... 
doi:10.1145/2382196.2382289 dblp:conf/ccs/MooreAC12 fatcat:cuksl7ijmnbaxogr6r7anfttye

A Per Model of Secure Information Flow in Sequential Programs [chapter]

Andrei Sabelfeld, David Sands
1999 Lecture Notes in Computer Science  
The specification clarifies and unifies a number of specific correctness arguments in the literature, and connections to other forms of program analysis.  ...  We extend the approach to handle nondeterminism by using powerdomain semantics and show how probabilistic security properties can be formalised by using probabilistic powerdomain semantics. S.D.  ...  analysis can improve binding time analyses).  ... 
doi:10.1007/3-540-49099-x_4 fatcat:64obrmgtujaozptj5hjxbazagy

Secure information flow for a concurrent language with scheduling

Gilles Barthe, Leonor Prensa Nieto
2007 Journal of Computer Security  
Using the proof assistant Isabelle/HOL, we have specified an information flow type system for a concurrent language featuring primitives for scheduling, and shown that typable programs are non-interfering  ...  Our language and type system generalize previous work of Boudol and Castellani [13], in particular by including arrays and lifting several convenient but unnecessary conditions in the syntax and type  ...  Acknowledgments Thanks to the anonymous referees for their comments on the paper, to G. Boudol, I. Castellani, and A. Matos for discussions around [13] and [29], and to S. Merz, C.  ... 
doi:10.3233/jcs-2007-15604 fatcat:4eygbbx7fjhmljm2e6m5e7em2q