
Two Formal Approaches for Approximating Noninterference Properties [chapter]

Alessandro Aldini, Mario Bravetti, Alessandra Di Pierro, Roberto Gorrieri, Chris Hankin, Herbert Wiklicky
2004 Lecture Notes in Computer Science  
In this paper, we present two formal models in which the notion of noninterference, which is at the basis of a large variety of security properties defined in the recent literature, is approximated.  ...  The formalisation of security properties for computer systems raises the problem of overcoming, also in a formal setting, the classical view according to which confidentiality is an absolute property stating  ...  In this paper, we presented two techniques for approximating noninterference properties, thus enriching the intuition behind the definition of probabilistic noninterference, which appeared in the literature  ... 
doi:10.1007/978-3-540-24631-2_1 fatcat:im6dlh6wpngn5bmpzfmzooae6m

Using Theorem Provers to Increase the Precision of Dependence Analysis for Information Flow Control [chapter]

Bernhard Beckert, Simon Bischof, Mihai Herda, Michael Kirsten, Marko Kleine Büning
2018 Lecture Notes in Computer Science  
Information flow control (IFC) is a category of techniques for enforcing information flow properties.  ...  For every potential illegal information flow reported by the SDG-based approach, the Combined Approach automatically generates proof obligations that, if valid, prove that there is no program path for  ...  We are grateful to the student Holger Klein for implementing the prototype.  ... 
doi:10.1007/978-3-030-02450-5_17 fatcat:d3efgbdhkbdxdgsw4yu7aeoy5a

Modeling Information Routing With Noninterference

Ruud Koolen, Julien Schmaltz
2016 International Conference on High Performance Embedded Architectures and Compilers  
As an illustration of our approach, we formally model and analyze an example system inspired by the GWV Firewall.  ...  These extensions enable the reasoning at an abstract level built on top of noninterference, at a much finer level than allowed by base noninterference.  ...  For this system, we want to ensure - and formally verify - that u never gets access to i. The system is designed around two design properties that together ensure this security requirement.  ... 
doi:10.5281/zenodo.47980 dblp:conf/hipeac/KoolenS16 fatcat:nanskixuezeuxlowxctw4pot2q

Formal Verification of Differential Privacy for Interactive Systems (Extended Abstract)

Michael Carl Tschantz, Dilsun Kaynar, Anupam Datta
2011 Electronic Notes in Theoretical Computer Science  
Differential privacy is a promising approach to privacy preserving data analysis with a well-developed theory for functions.  ...  We develop a formal probabilistic automaton model of differential privacy for systems by adapting prior work on differential privacy for functions.  ...  flow property noninterference [21].  ... 
doi:10.1016/j.entcs.2011.09.015 fatcat:7ykaadvjq5hu7gprsbkhxjlfbi

A Design and Verification Methodology for a TrustZone Trusted Execution Environment

Haiyong Sun, Hang Lei
2020 IEEE Access  
ACKNOWLEDGMENT We thank the paper reviewers for their many valuable comments. We also thank AJE for its linguistic assistance during the preparation of this manuscript.  ...  Our approach uses Coq, which can express richer properties that Serval cannot. For noninterference, Serval tends to prove Nickel's [38] specification instead of our noninterference specification.  ...  The following corollary states the noninterference property for the real machine. Corollary 1.  ... 
doi:10.1109/access.2020.2974487 fatcat:efkxklgmlbah5jbp4nxpegfyau

Exploit Generation for Information Flow Leaks in Object-Oriented Programs [chapter]

Quoc Huy Do, Richard Bubel, Reiner Hähnle
2015 IFIP Advances in Information and Communication Technology  
A prototype tool called KEG implementing the described approach for Java programs has been developed, which generates exploits as executable JUnit tests.  ...  Our approach combines self-composition and symbolic execution to compose an insecurity formula for a given information flow policy and a specification of the security level of the program locations.  ...  Conclusion We presented a novel approach for automatically detecting information flow leaks in object-oriented imperative programs.  ... 
doi:10.1007/978-3-319-18467-8_27 fatcat:5zwbqypqurbajbp3lja4qowwwi

Formal Framework for MILS Integration

Julien Schmaltz, Holger Blasum, Bruno Langenstein, Bertrand Leconte, Kevin Müller, Freek Verbeek, Ruud Koolen
2016 Zenodo  
As an illustration of our approach, we formally model and analyse an example system inspired by the GWV Firewall.  ...  To achieve security certification according to the highest levels of assurance, formal models and proofs of security properties are required.  ...  For this reason, we propose a model describing the behaviour of flowing information that aims to approximate reality well enough to enable formal verification of practical information flow properties,  ... 
doi:10.5281/zenodo.57413 fatcat:mvqqomtiafcfxmyb3fkaagor6q

Who Can Declassify? [chapter]

Alexander Lux, Heiko Mantel
2009 Lecture Notes in Computer Science  
Our contributions include a formal security condition and a sound approach to statically enforcing this condition.  ...  Noninterference provides reliable guarantees for the confidentiality of sensitive information, but it is too restrictive if exceptions shall be permitted.  ...  We thank the anonymous reviewers for their suggestions.  ... 
doi:10.1007/978-3-642-01465-9_3 fatcat:ztw3fobepvardojqbkur2pe6k4

Extracting Conditional Confidentiality Policies

Michael Carl Tschantz, Jeannette M. Wing
2008 2008 Sixth IEEE International Conference on Software Engineering and Formal Methods  
To formalize conditional confidentiality policies, we present a modified definition of noninterference that depends on runtime information.  ...  While we focus on using our analysis for policy extraction, the process can more generally be used for information flow analysis.  ...  We thank Jonathan Aldrich for scrutinizing our inference rules. We also thank him, Karl Crary, and Frank Pfenning for helpful comments.  ... 
doi:10.1109/sefm.2008.46 dblp:conf/sefm/TschantzW08 fatcat:5an2e6tz3vhmpi4n52wphlqa6e

Timing- and Termination-Sensitive Secure Information Flow: Exploring a New Approach

Vineeth Kashyap, Ben Wiedermann, Ben Hardekopf
2011 2011 IEEE Symposium on Security and Privacy  
The goal of this paper is to understand the subtleties of timing- and termination-sensitive noninterference, explore the space of possible strategies for enforcing noninterference guarantees, and formalize  ...  Covert channels can be used to subvert these security guarantees; for example, timing and termination channels can, either intentionally or inadvertently, violate these guarantees by modifying the timing  ...  Acknowledgements: We thank Frank Piessens, Dominique Devriese, and the anonymous reviewers for their comments on this paper.  ... 
doi:10.1109/sp.2011.19 dblp:conf/sp/KashyapWH11 fatcat:o7humqfjafcwjc2zwfk2q5kjdm

On Quantitative Analysis of Probabilistic Protocols

Alessandro Aldini, Alessandra Di Pierro
2005 Electronic Notes in Theoretical Computer Science  
We advocate the use of approximate noninterference for the security analysis of probabilistic protocols.  ...  We illustrate this approach by presenting the analysis of a probabilistic nonrepudiation protocol which allows us to quantitatively estimate its fairness degree.  ...  In the following we formally introduce the process algebraic framework and the approximate noninterference approach to security (Section 2), by describing the syntax and the semantics of the probabilistic  ... 
doi:10.1016/j.entcs.2004.01.019 fatcat:3tas464iwjhonbwdstleap4uiq

Thread algebra for noninterference

Thuy Duong Vu
2008 RAIRO - Theoretical Informatics and Applications  
We prove soundness for this definition, meaning that if a thread satisfies one of these properties then it satisfies the noninterference property proposed by Goguen and Meseguer [15].  ...  We will take the noninterference property given by Volpano et al. [D. Volpano, G. Smith and C. Irvine, J. Comput. Secur. 4 (1996) 167-187] on type systems as an example of our approach.  ...  In these approaches, if a program is well-typed according to the typing rules of a type system then it has the noninterference property.  ... 
doi:10.1051/ita:2008026 fatcat:kcihc6x2fve4zl5hm64ieqgrji

Weak Behavioral Equivalences for Verifying Secure and Performance-Aware Component-Based Systems [chapter]

Alessandro Aldini, Marco Bernardo
2009 Lecture Notes in Computer Science  
In order to strengthen the relation between these two different analysis techniques we advocate the use of performance-aware notions of behavioral equivalence as a formal means for detecting functional  ...  To achieve a balanced tradeoff among these aspects, we have previously proposed the use of a predictive methodology, which encompasses classical tools such as the noninterference approach to security analysis  ...  Acknowledgement The authors thank the anonymous referees for their valuable comments.  ... 
doi:10.1007/978-3-642-10248-6_10 fatcat:eqxcmeqwcjgqthqn7ie5dhlcai

A Hybrid Approach for Proving Noninterference of Java Programs

Ralf Küsters, Tomasz Truderung, Bernhard Beckert, Daniel Bruns, Michael Kirsten, Martin Mohr
2015 2015 IEEE 28th Computer Security Foundations Symposium  
Several tools and approaches for proving noninterference properties for Java and other languages exist.  ...  To illustrate the hybrid approach, in a case study we use this approach, along with the fully automatic tool Joana for checking noninterference properties for Java programs and the theorem prover KeY for  ...  We write I 0 S : I 1 for I 0 S and S : I 1 . For two systems S and T , we denote by S · T the composition of S and T which, formally, is the union of (declarations in) S and T .  ... 
doi:10.1109/csf.2015.28 dblp:conf/csfw/KustersTBBKM15 fatcat:jhx3t7x3szbipbyv6loalxzcsq

Downgrading policies and relaxed noninterference

Peng Li, Steve Zdancewic
2005 SIGPLAN notices  
In traditional information-flow type systems, the security policy is often formalized as noninterference properties.  ...  However, noninterference alone is too strong to express security properties useful in practice.  ...  Acknowledgements We would like to thank Stephen Chong, Stephen Tse, Geoffrey Washburn and the POPL reviewers for their valuable feedback and extensive proofreading of the original draft.  ... 
doi:10.1145/1047659.1040319 fatcat:sko6eopu5beqxg7soswl2yww5a