This paper studies how confidentiality properties of multi-threaded programs can be verified efficiently by a combination of newly developed and existing model checking algorithms. In particular, we study the verification of scheduler-specific observational determinism (SSOD), a property that characterizes secure information flow for multi-threaded programs under a given scheduler. Scheduler-specificness allows us to reason about refinement attacks, an important and tricky class of attacks that are notorious in practice. SSOD imposes two conditions: (SSOD-1) all individual public variables have to evolve deterministically, expressed by requiring stuttering equivalence between the traces of each individual public variable; and (SSOD-2) the relative order of updates of public variables is coincidental, i.e., there always exists a matching trace.

We verify the first condition by reducing it to the question whether all traces of each public variable are stuttering equivalent. To verify the second condition, we show how it can be translated, via a series of steps, into a standard strong bisimulation problem. Our verification techniques can be easily adapted to verify other formalizations of similar information flow properties.

We also exploit counterexample generation techniques to synthesize attacks for insecure programs that fail either SSOD-1 or SSOD-2, i.e., showing how the confidentiality of programs can be broken.
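To make the SSOD-1 check concrete, here is an added Python example that is not from the paper: it enumerates every interleaving of a few straight-line threads (a fully nondeterministic scheduler stands in for the given scheduler), records the trace of one public variable `l` under every secret input `h`, and reports whether all those traces are stuttering equivalent. The two programs, the variable names `l` and `h`, and the initial values are constructed assumptions.

```python
def stutter_free(trace):
    """Collapse runs of equal consecutive values: [0, 0, 1, 1, 0] -> (0, 1, 0)."""
    out = []
    for v in trace:
        if not out or out[-1] != v:
            out.append(v)
    return tuple(out)

def interleavings(threads):
    """Yield every schedule (list of thread ids) that runs each thread's statements in order."""
    def rec(pcs, sched):
        if all(pc == len(t) for pc, t in zip(pcs, threads)):
            yield sched
        for i, t in enumerate(threads):
            if pcs[i] < len(t):
                nxt = list(pcs)
                nxt[i] += 1
                yield from rec(nxt, sched + [i])
    yield from rec([0] * len(threads), [])

def traces_of(threads, init, var):
    """Run the threads under every schedule; return the set of stutter-free traces of `var`."""
    result = set()
    for sched in interleavings(threads):
        state, pcs = dict(init), [0] * len(threads)
        trace = [state[var]]
        for i in sched:
            threads[i][pcs[i]](state)   # execute the scheduled thread's next statement
            pcs[i] += 1
            trace.append(state[var])
        result.add(stutter_free(trace))
    return result

def ssod1_holds(threads, low_init, var, high_values):
    """SSOD-1 for `var`: over all secrets h and all schedules, exactly one stutter-free trace may occur."""
    seen = set()
    for h in high_values:
        seen |= traces_of(threads, {**low_init, "h": h}, var)
    return len(seen) == 1

# Constructed programs (assumptions, not the paper's): a statement updates the state dict.
def assign(var, expr):
    return lambda s: s.__setitem__(var, expr(s))

# Leaky: thread 0 copies secret h into public l, thread 1 resets l; the trace of l depends on h.
LEAKY = [[assign("l", lambda s: s["h"])], [assign("l", lambda s: 0)]]
# Safe: l only ever steps from 0 to 1 whichever thread goes first; h merely reads l.
SAFE = [[assign("l", lambda s: 1), assign("l", lambda s: 1)], [assign("h", lambda s: s["l"])]]
```

For `LEAKY` the stutter-free traces of `l` differ between `h = 0` and `h = 1`, so SSOD-1 fails and each offending schedule is a ready-made counterexample; for `SAFE` every schedule and secret yields the single trace `(0, 1)`.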