Skip to main content
SpringerLink
Log in

Modular Verification of Information Flow Security in Component-Based Systems

  • Conference paper
  • First Online:
Software Engineering and Formal Methods (SEFM 2017)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 10469))

Included in the following conference series:

Abstract

We propose a novel method for the verification of information flow security in component-based systems. The method is (a) modular w.r.t. services and components, i.e., overall security is proved to follow from the security of the individual services provided by the components, and (b) modular w.r.t. attackers, i.e., verified security properties can be re-used to demonstrate security w.r.t. different kinds of attacks.

In a first step, user-provided security specifications for individual services are verified using program analysis techniques. In a second step, first-order formulas are generated expressing that component non-interference follows from service-level properties and in a third step that global system security follows from component non-interference. These first-order proof obligations are discharged with a first-order theorem prover. The overall approach is independent of the programming language used to implement the components. We provide a soundness proof for our method and highlight its advantages, especially in the context of evolving systems.

As a proof of concept and to demonstrate the usability of our method, we present a case study, where we verify the security of a system implemented in Java against two types of attackers. We apply the program verification system KeY and the program analysis tool Joana for analyzing individual services; modularity of our approach allows us to use them in parallel.

This work was supported by the German Ministry for Education and Research within the framework of the project KASTEL_IoE in the Competence Center for Applied Security Technology (KASTEL) and by the german research foundation in the scope of the priority program “Reliably Secure Software Systems” (grants Sn11/12-1/2/3).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Notes

  1. 1.

    We omit discussion of high messages here, and refer to [13].

References

  1. Ahrendt, W., Beckert, B., Bubel, R., Hähnle, R., Schmitt, P.H., Ulbrich, M. (eds.): Deductive Software Verification - The KeY Book: From Theory to Practice. Springer, Heidelberg (2016)

    Google Scholar 

  2. Askarov, A., Chong, S., Mantel, H.: Hybrid monitors for concurrent noninterference. In: IEEE 28th Computer Security Foundations Symposium, CSF 2015, Verona, Italy, 13–17 July 2015

    Google Scholar 

  3. Barthe, G., Pichardie, D., Rezk, T.: A certified lightweight non-interference Java bytecode verifier. In: Nicola, R. (ed.) ESOP 2007. LNCS, vol. 4421, pp. 125–140. Springer, Heidelberg (2007). doi:10.1007/978-3-540-71316-6_10

    Chapter  Google Scholar 

  4. Beckert, B., Bruns, D., Klebanov, V., Scheben, C., Schmitt, P.H., Ulbrich, M.: Information flow in object-oriented software. In: Gupta, G., Peña, R. (eds.) LOPSTR 2013. LNCS, vol. 8901, pp. 19–37. Springer, Heidelberg (2013). doi:10.1007/978-3-319-14125-1_2

    Chapter  Google Scholar 

  5. Chong, S., Vikram, K., Myers, A.C., et al.: SIF: Enforcing confidentiality and integrity in web applications. In: USENIX Security, vol. 7 (2007)

    Google Scholar 

  6. Clark, D., Hunt, S.: Non-interference for deterministic interactive programs. In: Degano, P., Guttman, J., Martinelli, F. (eds.) FAST 2008. LNCS, vol. 5491, pp. 50–66. Springer, Heidelberg (2009). doi:10.1007/978-3-642-01465-9_4

    Chapter  Google Scholar 

  7. Cohen, E.: Information transmission in computational systems. SIGOPS Oper. Syst. Rev. 11, 133–139 (1977)

    Article  Google Scholar 

  8. EJB 3.1 Expert Group: JSR 318: Enterprise JavaBeans, Version 3.1. Sun Microsystems (2009). https://jcp.org/en/jsr/detail?id=366. Accessed 31 Aug 2016

  9. Ereth, S., Mantel, H., Perner, M.: Towards a common specification language for information-flow security in RS3 and beyond: RIFL 1.0 - the language. Technical Report TUD-CS-2014-0115, TU Darmstadt (2014)

    Google Scholar 

  10. Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Security and Privacy (1982)

    Google Scholar 

  11. Graf, J., Hecker, M., Mohr, M.: Using Joana for information flow control in Java programs - a practical guide. In: ATPS, February 2013

    Google Scholar 

  12. Greiner, S., Grahl, D.: Non-interference with what-declassification in component-based systems. In: CSF (2016)

    Google Scholar 

  13. Greiner, S., Mohr, M., Beckert, B.: Modular verification of information flow security in component-based systems - proofs and proof of concept (2017)

    Chapter  Google Scholar 

  14. Hammer, C., Snelting, G.: Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs. Int. J. Inf. Secur. 8, 399–422 (2009)

    Article  Google Scholar 

  15. IBM Research: T.J. Watson Library for Analysis (WALA). http://wala.sf.net

  16. Johnson, A., Waye, L., Moore, S., Chong, S.: Exploring and enforcing security guarantees via program dependence graphs. In: PLDI, June 2015

    Google Scholar 

  17. Kassios, I.T.: Dynamic frames: support for framing, dependencies and sharing without restrictions. In: Misra, J., Nipkow, T., Sekerinski, E. (eds.) FM 2006. LNCS, vol. 4085, pp. 268–283. Springer, Heidelberg (2006). doi:10.1007/11813040_19

    Chapter  Google Scholar 

  18. Küsters, R., Truderung, T., Beckert, B., Bruns, D., Kirsten, M., Mohr, M.: A hybrid approach for proving noninterference of Java programs. In: CSF, July 2015

    Google Scholar 

  19. Lovat, E., Fromm, A., Mohr, M., Pretschner, A.: SHRIFT system-wide hybrid information flow tracking. In: Federrath, H., Gollmann, D. (eds.) SEC 2015. IAICT, vol. 455, pp. 371–385. Springer, Cham (2015). doi:10.1007/978-3-319-18467-8_25

    Chapter  Google Scholar 

  20. Mantel, H.: Possibilistic definitions of security – an assembly kit. In: CSFW (2000)

    Google Scholar 

  21. Mantel, H., Sands, D., Sudbrock, H.: Assumptions and guarantees for compositional noninterference. In: CSF (2011)

    Google Scholar 

  22. Murray, T.C., Sison, R., Pierzchalski, E., Rizkallah, C.: Compositional verification and refinement of concurrent value-dependent noninterference. In: CSF (2016)

    Google Scholar 

  23. Myers, A.C.: JFlow: Practical mostly-static information flow control. In: Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (1999)

    Google Scholar 

  24. Nanevski, A., Banerjee, A., Garg, D.: Verification of information flow and access control policies with dependent types. In: IEEE Security and Privacy, May 2011

    Google Scholar 

  25. O’Neill, K.R., Clarkson, M.R., Chong, S.: Information-flow security for interactive programs. In: CSFW, Jul 2006

    Google Scholar 

  26. Rafnsson, W., Hedin, D., Sabelfeld, A.: Securing interactive programs. In: CSF (2012)

    Google Scholar 

  27. Sabelfeld, A., Mantel, H.: Static confidentiality enforcement for distributed programs. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, pp. 376–394. Springer, Heidelberg (2002). doi:10.1007/3-540-45789-5_27

    Chapter  MATH  Google Scholar 

  28. Sabelfeld, A., Sands, D.: A PER model of secure information flow in sequential programs. Higher-Order Symbolic Comput. 14, 59–91 (2001)

    Article  Google Scholar 

  29. Sabelfeld, A., Sands, D.: Declassification: dimensions and principles. J. Comput. Secur. 17, 517–548 (2009)

    Article  Google Scholar 

  30. Scheben, C., Schmitt, P.H.: Verification of information flow properties of Java programs without approximations. In: Beckert, B., Damiani, F., Gurov, D. (eds.) FoVeOOS 2011. LNCS, vol. 7421, pp. 232–249. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31762-0_15

    Chapter  Google Scholar 

  31. Scheben, C., Schmitt, P.H.: Efficient self-composition for weakest precondition calculi. In: Jones, C., Pihlajasaari, P., Sun, J. (eds.) FM 2014. LNCS, vol. 8442, pp. 579–594. Springer, Cham (2014). doi:10.1007/978-3-319-06410-9_39

    Chapter  Google Scholar 

  32. Sheldon, M.A., Gifford, D.K.: Static dependent types for first class modules. In: Proceedings of the 1990 ACM Conference on LISP and Functional Programming. ACM (1990)

    Google Scholar 

  33. Ranganath, V.-P., et al.: Indus. http://indus.projects.cs.ksu.edu/. Last visited on 01 Feb 2017

  34. Wasserrab, D., Lohner, D.: Proving information flow noninterference by reusing a machine-checked correctness proof for slicing. In: VERIFY (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Informatics, Karlsruhe Institute of Technology, Karlsruhe, Germany

    Simon Greiner, Martin Mohr & Bernhard Beckert

Authors
  1. Simon Greiner
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Martin Mohr
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bernhard Beckert
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Simon Greiner .

Editor information

Editors and Affiliations

  1. University of Trento, Trento, Italy

    Alessandro Cimatti

  2. Mälardalen University, Västerås, Sweden

    Marjan Sirjani

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Greiner, S., Mohr, M., Beckert, B. (2017). Modular Verification of Information Flow Security in Component-Based Systems. In: Cimatti, A., Sirjani, M. (eds) Software Engineering and Formal Methods. SEFM 2017. Lecture Notes in Computer Science(), vol 10469. Springer, Cham. https://doi.org/10.1007/978-3-319-66197-1_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-66197-1_19

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-66196-4

  • Online ISBN: 978-3-319-66197-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation