Enforcing security and safety models with an information flow analysis tool

Authors:
Roderick Chapman;Adrian Hilton
Affiliations:
Praxis Critical Systems Ltd., Bath, United Kingdom;Praxis Critical Systems Ltd., Bath, United Kingdom
Venue:
Proceedings of the 2004 annual ACM SIGAda international conference on Ada: The engineering of correct and reliable software for real-time & distributed systems using Ada and related technologies
Year:
2004

Citing 6
Cited 17

Information-flow and data-flow analysis of while-programs

ACM Transactions on Programming Languages and Systems (TOPLAS)
Security Engineering: A Guide to Building Dependable Distributed Systems

Security Engineering: A Guide to Building Dependable Distributed Systems
Correctness by Construction: Developing a Commercial Secure System

IEEE Software
Is Proof More Cost-Effective Than Testing?

IEEE Transactions on Software Engineering
High Integrity Software: The SPARK Approach to Safety and Security

High Integrity Software: The SPARK Approach to Safety and Security
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Ada and the control of intrusion

ACM SIGAda Ada Letters
Verification condition generation for conditional information flow

Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Specification and Checking of Software Contracts for Conditional Information Flow

FM '08 Proceedings of the 15th international symposium on Formal Methods
Termination-Insensitive Noninterference Leaks More Than Just a Bit

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Contract-Based Reasoning for Verification and Certification of Secure Information Flow Policies in Industrial Workflows

ICFEM '08 Proceedings of the 10th International Conference on Formal Methods and Software Engineering
All Secrets Great and Small

ESOP '09 Proceedings of the 18th European Symposium on Programming Languages and Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Catch me if you can: permissive yet secure error handling

Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Arrows for secure information flow

Theoretical Computer Science
Security of multithreaded programs by compilation

ACM Transactions on Information and System Security (TISSEC)
Authentication and access control in RFID based logistics-customs clearance service platform

International Journal of Automation and Computing
From exponential to polynomial-time security typing via principal types

ESOP'11/ETAPS'11 Proceedings of the 20th European conference on Programming languages and systems: part of the joint European conferences on theory and practice of software
Multi-run security

ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Smart certification of mixed criticality systems

Ada-Europe'05 Proceedings of the 10th Ada-Europe international conference on Reliable Software Technologies
Limiting information leakage in event-based communication

Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
From dynamic to static and back: riding the roller coaster of information-flow control research

PSI'09 Proceedings of the 7th international Andrei Ershov Memorial conference on Perspectives of Systems Informatics
Precise and automated contract-based reasoning for verification and certification of information flow properties of programs with arrays

ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
A certificate infrastructure for machine-checked proofs of conditional information flow

POST'12 Proceedings of the First international conference on Principles of Security and Trust

Quantified Score

Hi-index	0.00

Visualization

Abstract

Existing security models require that information of a given security level be prevented from ``leaking'' into lower-security information. High-security applications must be demonstrably free of such leaks, but such demonstration may require substantial manual analysis. Other authors have argued that the natural way to enforce these models automatically is with information-flow analysis, but have not shown this to be practicable for general purpose programming languages in current use. Modern safety-critical systems can contain software components with differing safety integrity levels, potentially operating in the same address space. This case poses problems similar to systems with differing security levels; failure to show separation of data may require the entire system to be validated at the higher integrity level. In this paper we show how the information flow model enforced by the SPARK Examiner provides support for enforcing these security and safety models. We describe an extension to the SPARK variable annotations which allows the specification of a security or safety level for each state variable, and an extension to the SPARK analysis which automatically enforces a given information flow policy on a SPARK program.