Abstract
We develop a lightweight approach to information flow control that interacts with the use of cryptographic schemes. The language is a version of Dijkstra’s Guarded Commands language extended with parallelism, communication and symmetric cryptography. Information flow is modelled using security labels that are sets of hashed symmetric keys expressing the capabilities needed for access to data. In essence, encryption is used to encapsulate the protection offered by the information flow policy. We develop a type system aimed at tracking explicit, implicit, bypassing and correlation flows arising due to the parallel processes and the internal non-determinism inherent in Guarded Commands. The development is facilitated by the parallel processes having disjoint memories and is illustrated on a multiplexer scenario previously addressed using content-dependent information flow policies.
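As an added illustration of the label model sketched in the abstract (this is not the paper's formal type system; the subset ordering, the enc/dec label rules and the tuple-encoded expression syntax are assumptions made here), the following Python treats a label as a set of hashed symmetric keys and checks explicit and implicit flows of an assignment, with encryption under a key discharging the capability that key represents:

```python
import hashlib
from typing import Dict, FrozenSet

Label = FrozenSet[str]  # set of key hashes a reader must hold to access the data

def h(key: bytes) -> str:
    """Labels mention hashes of keys, never the keys themselves (assumption: SHA-256)."""
    return hashlib.sha256(key).hexdigest()

def leq(l1: Label, l2: Label) -> bool:
    """Flow order: l1 may flow to l2 when l2 demands at least every capability of l1."""
    return l1 <= l2

def label_of(expr, env: Dict[str, Label]) -> Label:
    """Label of a constructed expression term:
    ('var', x) | ('op', e1, e2) | ('enc', key, e) | ('dec', key, e)."""
    kind = expr[0]
    if kind == 'var':
        return env[expr[1]]
    if kind == 'op':  # binary operator: join (union) of operand labels
        return label_of(expr[1], env) | label_of(expr[2], env)
    if kind == 'enc':  # ciphertext no longer requires h(key); the cipher enforces it
        return label_of(expr[2], env) - {h(expr[1])}
    if kind == 'dec':  # plaintext again requires the capability for key
        return label_of(expr[2], env) | {h(expr[1])}
    raise ValueError(f"unknown term {kind}")

def check_assign(target: str, expr, env: Dict[str, Label], pc: Label = frozenset()) -> bool:
    """x := e is accepted when the expression label (explicit flow) joined with the
    guard context pc (implicit flow from the enclosing guarded command) is below label(x)."""
    return leq(label_of(expr, env) | pc, env[target])

def demo() -> Dict[str, bool]:
    """Constructed scenario: 'secret' needs key A, 'chan' is public, 'shared' needs A and B."""
    kA, kB = b'key-A-constructed', b'key-B-constructed'
    env = {'secret': frozenset({h(kA)}),
           'chan': frozenset(),
           'shared': frozenset({h(kA), h(kB)})}
    return {
        'plain_to_public': check_assign('chan', ('var', 'secret'), env),            # False
        'enc_to_public':   check_assign('chan', ('enc', kA, ('var', 'secret')), env),  # True
        'enc_wrong_key':   check_assign('chan', ('enc', kB, ('var', 'secret')), env),  # False
        'dec_restores':    check_assign('shared', ('dec', kA, ('enc', kA, ('var', 'secret'))), env),  # True
        'implicit_leak':   check_assign('chan', ('var', 'chan'), env, pc=env['secret']),  # False
    }
```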
© 2020 Springer Nature Switzerland AG
Nielson, F., Nielson, H.R. (2020). Secure Guarded Commands. In: Di Pierro, A., Malacaria, P., Nagarajan, R. (eds) From Lambda Calculus to Cybersecurity Through Program Analysis. Lecture Notes in Computer Science, vol 12065. Springer, Cham. https://doi.org/10.1007/978-3-030-41103-9_7
DOI: https://doi.org/10.1007/978-3-030-41103-9_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41102-2
Online ISBN: 978-3-030-41103-9
eBook Packages: Mathematics and Statistics (R0)