Skip to main content
SpringerLink
Log in

Run-Time Verification for Observational Determinism Using Dynamic Program Slicing

  • Conference paper
  • First Online:
Information Security (ISC 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10599))

Included in the following conference series:

Abstract

Information flow security states that secret information should not affect what is publicly observable. Such a requirement is usually expressed as a noninterference policy, which in general stipulates that the executions of a program must be indistinguishable to public observers when the program runs on inputs that differ only in secret values. When applied to multithreaded programs, an appropriate noninterference policy should specifically care about the nondeterministic behavior of programs resulting from the fact that the underlying scheduler is not known a priori. Observational determinism is such a policy that we aim to enforce in multithreaded programs. To do so, we first elaborate on how the inputs that are equivalent to public observers may lead to different public outputs. This, in turn, helps us propose a run-time verification mechanism based on threaded program dependence graphs and dynamic program slicing to prevent what causes the policy to be violated. The proposed mechanism is provably sound and is more permissive than analogous static mechanisms. It is also shown that the mechanism prevents illegal information flows when programs run in environments with different thread schedulers.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Goguen, J. A., Meseguer, J.: Security policies and security models. In: IEEE Symposium on Security and Privacy, p. 11. IEEE (1982)

    Google Scholar 

  2. Zdancewic, S., Myers, A.C.: Observational determinism for concurrent program security. In: 16th Proceedings on Computer Security Foundations Workshop, pp. 29–43. IEEE (2003)

    Google Scholar 

  3. Johnson, A., Waye, L., Moore, S., Chong, S.: Exploring and enforcing security guarantees via program dependence graphs. In: Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 291–302. ACM (2015)

    Google Scholar 

  4. Abadi, M., Banerjee, A., Heintze, N., Riecke, N.G.: A core calculus of dependency. In: Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 147–160. ACM (1999)

    Google Scholar 

  5. Bergeretti, J.F., Carré, B.A.: Information-flow and data-flow analysis of while-programs. ACM Trans. Program. Lang. Syst. (TOPLAS) 7(1), 36–61 (1985)

    Article  MATH  Google Scholar 

  6. Robschink, T., Snelting, G.: Efficient path conditions in dependence graphs. In: Proceedings of the 24th International Conference on Software Engineering, pp. 478–488. ACM (2002)

    Google Scholar 

  7. Krinke, J.: Advanced slicing of sequential and concurrent programs. In: Proceedings of the 20th IEEE International Conference on Software Maintenance, pp. 464–468. IEEE (2004)

    Google Scholar 

  8. Krinke, J.: Advanced slicing of sequential and concurrent programs. PhD thesis, University of Passau (2003)

    Google Scholar 

  9. Weiser, M.: Program slices: formal, psychological, and practical investigations of an automatic program abstraction method, PhD thesis, University of Michigan (1979)

    Google Scholar 

  10. Weiser, M.: Programmers use slices when debugging. Commun. ACM 25(7), 446–452 (1982)

    Article  Google Scholar 

  11. Weiser, M.: Program slicing. IEEE Trans. Softw. Eng. 10(4), 352–357 (1984)

    Article  MATH  Google Scholar 

  12. Tip, F.: A survey of program slicing techniques. Technical report, Amsterdam, The Netherlands (1994)

    Google Scholar 

  13. Korel, B., Laski, J.: Dynamic program slicing. Inf. Process. Lett. 29(3), 155–163 (1988)

    Article  MATH  Google Scholar 

  14. Mastroeni, I., Zanardini, D.: Abstract program slicing: an abstract interpretation-based approach to program slicing. ACM Trans. Comput. Logic (TOCL) 18(1), 7 (2017)

    Article  MATH  MathSciNet  Google Scholar 

  15. Afshin, L., Fallah, M.S.: Rewriting-based enforcement of noninterference in programs with observable intermediate values. J. Univers. Comput. Sci. 22(7), 956–991 (2016)

    MathSciNet  Google Scholar 

  16. Hammer, C., Snelting, G.: Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs. Int. J. Inf. Secur. 8(6), 399–422 (2009)

    Article  Google Scholar 

  17. Cavadini, S., Cheda, D.: Run-time information flow monitoring based on dynamic dependence graphs. In: 3th International Conference on Availability, Reliability and Security, pp. 586–591. IEEE (2008)

    Google Scholar 

  18. Hammer, C.: Experiences with PDG-based IFC. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol. 5965, pp. 44–60. Springer, Heidelberg (2010). doi:10.1007/978-3-642-11747-3_4

    Chapter  Google Scholar 

  19. Horwitz, S., Prins, J., Reps, T.: On the adequacy of program dependence graphs for representing programs. In: Proceedings of the 15th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 146–157. ACM (1988)

    Google Scholar 

  20. Hammer, C.: Information flow control for Java: A comprehensive approach based on path conditions in dependence graphs. PhD Thesis, Univ-Verlag Karlsruhe (2009)

    Google Scholar 

  21. Ranganath, V.P., Amtoft, T., Banerjee, A., Hatcliff, J., Dwyer, M.B.: A new foundation for control dependence and slicing for modern program structures. ACM Trans. Program. Lang. Syst. (TOPLAS) 29(5), 27 (2007)

    Article  MATH  Google Scholar 

  22. Wasserrab, D., Lohner, D., Snelting, G.: On PDG-based noninterference and its modular proof. In: Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, pp. 31–44. ACM (2009)

    Google Scholar 

  23. Graf, J., Hecker, M., Mohr, M.: Using JOANA for information flow control in Java programs-a practical guide. In: Software Engineering (Workshops), pp. 123–138 (2013)

    Google Scholar 

  24. Giacobazzi, R., Mastroeni, I.: A proof system for abstract non-interference. J. Logic Comput. 20(2), 449–479 (2009)

    Article  MATH  MathSciNet  Google Scholar 

  25. Iranmanesh, Z., Fallah, M.S.: Specification and static enforcement of scheduler-independent noninterference in a middleweight java. Comput. Lang. Syst. Struct. 46, 20–43 (2016)

    Google Scholar 

  26. Terauchi, T.: A type system for observational determinism. In: 21th Computer Security Foundations Symposium, pp. 287–300. IEEE (2008)

    Google Scholar 

  27. Huisman, M., Worah, P., Sunesen, K.: A temporal logic characterisation of observational determinism. In: 19th Computer Security Foundations Workshop. IEEE (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Amirkabir University of Technology, 424 Hafez Ave., Tehran, Iran

    Mohammad Ghorbani & Mehran S. Fallah

Authors
  1. Mohammad Ghorbani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mehran S. Fallah
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mehran S. Fallah .

Editor information

Editors and Affiliations

  1. Inria, Tokyo, Japan

    Phong Q. Nguyen

  2. Singapore University of Technology and Design, Singapore, Singapore

    Jianying Zhou

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Ghorbani, M., Fallah, M.S. (2017). Run-Time Verification for Observational Determinism Using Dynamic Program Slicing. In: Nguyen, P., Zhou, J. (eds) Information Security. ISC 2017. Lecture Notes in Computer Science(), vol 10599. Springer, Cham. https://doi.org/10.1007/978-3-319-69659-1_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-69659-1_22

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69658-4

  • Online ISBN: 978-3-319-69659-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation