Abstract
Synchronisation is fundamental to concurrent programs. This paper investigates the security of information flow in multi-threaded programs in the presence of synchronisation. We give a small-step operational semantics for a simple shared-memory multi-threaded language with synchronisation, and present a compositional timing-sensitive bisimulation-based confidentiality specification. We propose a type-based analysis improving on previous approaches to reject potentially insecure programs.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sabelfeld, A. (2001). The Impact of Synchronisation on Secure Information Flow in Concurrent Programs. In: Bjørner, D., Broy, M., Zamulin, A.V. (eds) Perspectives of System Informatics. PSI 2001. Lecture Notes in Computer Science, vol 2244. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45575-2_22
DOI: https://doi.org/10.1007/3-540-45575-2_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43075-9
Online ISBN: 978-3-540-45575-2
eBook Packages: Springer Book Archive