A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2007; you can also visit the original URL.
Improved typings for probabilistic noninterference in a multi-threaded language
2006
Journal of Computer Security
In the context of a multi-threaded imperative language with probabilistic scheduling, the goal can be formalized as a probabilistic noninterference property. ...
We prove that well-typed multi-threaded programs satisfy a property that we call weak probabilistic noninterference; it is based on a notion of weak probabilistic bisimulation for Markov chains, allowing ...
Then, in Section 6, we prove that every well-typed multi-threaded program satisfies weak probabilistic noninterference. ...
doi:10.3233/jcs-2006-14605
fatcat:tfzcysrsrnctni3fs2ah2vfrri
Checking probabilistic noninterference using JOANA
2014
it - Information Technology
It includes a new algorithm guaranteeing probabilistic noninterference, named RLSOD. JOANA needs few annotations and has a nice GUI. The tool is open source and was applied in several case studies. ...
JOANA is a tool for software security analysis, checking up to 100 kLOC of full multi-threaded Java. JOANA is based on sophisticated program analysis techniques and thus very precise. ...
JOANA was supported by DFG (including DFG SPP 1496 "Reliably secure software systems") and BMBF in the scope of the software security competence center KASTEL. ...
doi:10.1515/itit-2014-1051
fatcat:4co5hezc5vepjbaozpvxm4avny
Noninterfering Schedulers
[chapter]
2013
Lecture Notes in Computer Science
Noninterfering schedulers are proved to be safe in the following sense: if a multi-threaded program is possibilistically noninterfering, then it is also probabilistically noninterfering when run under ...
We develop a framework for expressing and analyzing the behavior of probabilistic schedulers. ...
We thank Jasmin Blanchette and the referees for useful comments and suggestions. ...
doi:10.1007/978-3-642-40206-7_18
fatcat:eemioxa35jgjfbdkrcbwkaqnrq
Noninterference for concurrent programs and thread systems
2002
Theoretical Computer Science
We propose a type system to ensure the property of noninterference in a system of concurrent programs, described in a standard imperative language enriched with parallelism. ...
Moreover, we show how to extend the language in order to formalise scheduling policies for systems of sequential threads. ...
Acknowledgements We would like to thank Geoffrey Smith for his interest in, and comments on the submitted version of this paper, and the anonymous referees, whose questions and suggestions led us to largely ...
doi:10.1016/s0304-3975(02)00010-5
fatcat:fqdzcnga55cq5l4o6hvby2xdma
Confidentiality for Probabilistic Multi-threaded Programs and Its Verification
[chapter]
2013
Lecture Notes in Computer Science
This paper proposes a new notion of confidentiality for probabilistic and non-probabilistic multi-threaded programs, formalized as scheduler-specific probabilistic observational determinism (SSPOD), together ...
This holds in particular for multi-threaded applications, which are generally seen as the future of high-performance computing. ...
A number of efficient algorithms for checking equivalence between probabilistic languages have been developed, the classical ones in [10, 28] , and the improved variants in [11, 16] . ...
doi:10.1007/978-3-642-36563-8_8
fatcat:l5xkf2po6vg63put6wrdp2vsta
Proving Concurrent Noninterference
[chapter]
2012
Lecture Notes in Computer Science
We perform a formal analysis of compositionality techniques for proving possibilistic noninterference for a while language with parallel composition. ...
from the literature and suggests a further improved type system. ...
We are grateful to Jasmin Blanchette for lots of suggestions that have significantly improved the presentation of this paper, to Benedict Nordhoff and Peter Lammich for noticing various technical typos, ...
doi:10.1007/978-3-642-35308-6_11
fatcat:na4uo3gj7bhgzchptqn7sqkjbq
Assumptions and Guarantees for Compositional Noninterference
2011
2011 IEEE 24th Computer Security Foundations Symposium
We illustrate the improved precision by developing the first flow-sensitive security type system that provably enforces a noninterference-like property for concurrent programs. ...
Since in practice it is only meaningful to compose threads which follow an agreed protocol for data access, we take advantage of this to develop a more liberal compositional security condition. ...
This work was partially funded by the DFG (German research foundation) under the projects FM-SecEng in the Computer Science Action Program (MA 3326/1-2) and RSCP in the priority programme RS 3 (MA 3326 ...
doi:10.1109/csf.2011.22
dblp:conf/csfw/MantelSS11
fatcat:ldr7p73czzcl5egspa5nxcdnom
Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs
2009
International Journal of Information Security
We explain PDGs for sequential and multi-threaded programs, and explain precision gains due to flow-, context-, and object-sensitivity. ...
We then augment PDGs with a lattice of security levels and introduce the flow equations for IFC. We describe algorithms for flow computation in detail and prove their correctness. ...
Acknowledgements We thank Jens Krinke, who contributed to previous versions of this work, for ongoing discussions on IFC; and Frank Nodes for implementing the Eclipse integration. ...
doi:10.1007/s10207-009-0086-1
fatcat:ziiyafhqn5ed3epewrob2atp5u
Hybrid Monitors for Concurrent Noninterference
2015
2015 IEEE 28th Computer Security Foundations Symposium
In our framework, each thread is guarded by its own local monitor, and there is a single global monitor. ...
This problem is exacerbated if threads share resources at fine granularity. In this work, we propose a novel monitoring framework to enforce strong information security in concurrent programs. ...
The second author thanks the programming languages group at Harvard University for the inspiring environment during his sabbatical. ...
doi:10.1109/csf.2015.17
dblp:conf/csfw/AskarovCM15
fatcat:eaasz2hpmfhwlanalzmxjuu3z4
Flexible Scheduler-Independent Security
[chapter]
2010
Lecture Notes in Computer Science
We propose an approach to certify the information flow security of multi-threaded programs independently from the scheduling algorithm. ...
The key insight in our development of a novel scheduler-independent information flow property was the identification of a suitable class of schedulers that covers the most relevant schedulers. ...
The authors thank Dave Sands for helpful comments in the early phase of this research project and the anonymous reviewers for their suggestions. ...
doi:10.1007/978-3-642-15497-3_8
fatcat:rtj37khuczel3hevc3l4junbki
Securing interaction between threads and the scheduler in the presence of synchronization
2009
The Journal of Logic and Algebraic Programming
In particular, the language should be able to treat dynamic thread creation, as well as provide possibilities for synchronization. ...
The type system guarantees security for a wide class of schedulers and provides a flexible and efficiency-friendly treatment of dynamic threads. ...
Acknowledgments We wish to thank our colleagues in the ProSec group at Chalmers, partners in the Mobius project, and the anonymous reviewers for helpful feedback. ...
doi:10.1016/j.jlap.2008.09.003
fatcat:hb7uxm3dovhpxekr2zzosrsdr4
Proceedings of the Third Workshop on Formal Integrated Development Environment
2017
Electronic Proceedings in Theoretical Computer Science
Future Work We are currently working on connecting the calculated summaries to a parameterised unit testing framework. ...
I have started this work together with Zoltán Ésik when I visited him in Szeged in February 2016. Unfortunately, Zoltán did not live to see it completed. ...
For instance, erasing an argument in a multi-argument function might depend on the value (or type) of some other arguments. ...
doi:10.4204/eptcs.240.0.1
fatcat:imfjolcxmrfm7kqiz523rbyj5i
Precise enforcement of progress-sensitive security
2012
Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12
We have instantiated the oracle for a simple imperative language with a logical abstract interpretation that uses an SMT solver to synthesize linear rank functions. ...
We propose a type system and instrumented semantics that together enforce progress-sensitive security more precisely than existing approaches. ...
Acknowledgements We thank the anonymous reviewers for their helpful comments. Andrei Sabelfeld provided helpful comments. ...
doi:10.1145/2382196.2382289
dblp:conf/ccs/MooreAC12
fatcat:cuksl7ijmnbaxogr6r7anfttye
A Per Model of Secure Information Flow in Sequential Programs
[chapter]
1999
Lecture Notes in Computer Science
The specification clarifies and unifies a number of specific correctness arguments in the literature, and connections to other forms of program analysis. ...
We extend the approach to handle nondeterminism by using powerdomain semantics and show how probabilistic security properties can be formalised by using probabilistic powerdomain semantics. S.D. ...
analysis can improve binding time analyses). ...
doi:10.1007/3-540-49099-x_4
fatcat:64obrmgtujaozptj5hjxbazagy
Secure information flow for a concurrent language with scheduling
2007
Journal of Computer Security
Using the proof assistant Isabelle/HOL, we have specified an information flow type system for a concurrent language featuring primitives for scheduling, and shown that typable programs are non-interfering ...
Our language and type system generalize previous work of Boudol and Castellani [13] , in particular by including arrays and lifting several convenient but unnecessary conditions in the syntax and type ...
Acknowledgments Thanks to the anonymous referees for their comments on the paper, to G. Boudol, I. Castellani, and A. Matos for discussions around [13] 36 and [29] , and to S. Merz, C. ...
doi:10.3233/jcs-2007-15604
fatcat:4eygbbx7fjhmljm2e6m5e7em2q