Precise and automated contract-based reasoning for verification and certification of information flow properties of programs with arrays

Authors:
Torben Amtoft;John Hatcliff;Edwin Rodríguez
Affiliations:
SAnToS Laboratory, Kansas State University;SAnToS Laboratory, Kansas State University;SAnToS Laboratory, Kansas State University
Venue:
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Year:
2010

Citing 21
Cited 4

Information-flow and data-flow analysis of while-programs

ACM Transactions on Programming Languages and Systems (TOPLAS)
A practical algorithm for exact array dependence analysis

Communications of the ACM
Advanced compiler design and implementation

Advanced compiler design and implementation
JFlow: practical mostly-static information flow control

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
The Science of Programming

The Science of Programming
A Type-Based Approach to Program Security

TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
Design and verification of secure systems

SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
Secure Information Flow by Self-Composition

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Lenient Array Operations for Practical Secure Information Flow

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Enforcing security and safety models with an information flow analysis tool

Proceedings of the 2004 annual ACM SIGAda international conference on Ada: The engineering of correct and reliable software for real-time & distributed systems using Ada and related technologies
A logic for information flow in object-oriented programs

Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Efficient path conditions in dependence graphs for software safety analysis

ACM Transactions on Software Engineering and Methodology (TOSEM)
Formal specification and verification of data separation in a separation kernel for an embedded system

Proceedings of the 13th ACM conference on Computer and communications security
Verification condition generation for conditional information flow

Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Specification and Checking of Software Contracts for Conditional Information Flow

FM '08 Proceedings of the 15th international symposium on Formal Methods
History-based access control and secure information flow

CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
A theorem proving approach to analysis of secure information flow

SPC'05 Proceedings of the Second international conference on Security in Pervasive Computing
Secure information flow as a safety problem

SAS'05 Proceedings of the 12th international conference on Static Analysis
From coupling relations to mated invariants for checking information flow

ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

An accurate type system for information flow in presence of arrays

FMOODS'11/FORTE'11 Proceedings of the joint 13th IFIP WG 6.1 and 30th IFIP WG 6.1 international conference on Formal techniques for distributed systems
Relational decomposition

ITP'11 Proceedings of the Second international conference on Interactive theorem proving
A certificate infrastructure for machine-checked proofs of conditional information flow

POST'12 Proceedings of the First international conference on Principles of Security and Trust
Idea: writing secure c programs with secprove

ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Embedded information assurance applications that are critical to national and international infrastructures, must often adhere to certification regimes that require information flow properties to be specified and verified. SPARK, a subset of Ada for engineering safety critical systems, is being used to develop multiple certified information assurance systems. While SPARK provides information flow annotations and associated automated checking mechanisms, industrial experience has revealed that these annotations are not precise enough to specify many desired information flow policies. One key problem is that arrays are treated as indivisible entities – flows that involve only particular locations of an array have to be abstracted into flows on the whole array. This has substantial practical impact since SPARK does not allow dynamic allocation of memory, and hence makes heavy use of arrays to implement complex data structures. In this paper, we present a Hoare logic for information flow that enables precise compositional specification of information flow in programs with arrays, and automated deduction algorithms for checking and inferring contracts in an enhanced SPARK information flow contract language. We demonstrate the expressiveness of the enhanced contracts and effectiveness of the automated verification algorithm on realistic embedded applications.