Abstract
Non-interference is a semantically well-defined property that allows one to reason about the security of systems with respect to information flow policies for groups of users. Many of the security problems of implementations could already be spotted at design time if information flow were a concern in the early phases of software development. In this paper we propose a methodology for automatically verifying the interaction of objects whose behaviour is described by deterministic UML state-charts with respect to information flow policies, based on the so-called unwinding theorem. We have extended this theorem to cope with the particularities of state-charts (the use of variables, guards, actions and hierarchical states) and have derived results about its compositionality. In order to validate our approach, we report on an implementation of our enhanced unwinding techniques and on applications to scenarios from the Smart Metering domain.
This research was partially supported by the MoDelSec Project of the DFG Priority Programme 1496 "Reliably Secure Software Systems – RS3" and the EU project NESSoS (FP7 256890).
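The unwinding conditions the abstract builds on, shown as an added example that is not the paper's own tool or method: a Python check of local respect and step consistency, in the form Goguen–Meseguer and Rushby give them for deterministic systems, run over a constructed smart-meter state machine whose state variables, input levels, guard and the two `show` actions are all assumptions made here. The leaky variant passes local respect but fails step consistency, which is exactly the kind of flow through a Low-guarded action that a design-time check is meant to catch.

```python
from itertools import product
HIGH, LOW = "High", "Low"   # security level of each input event
def low_view(state, low_idx):
    # Low-observable part of a state: the values of the Low variables
    return tuple(state[i] for i in low_idx)

def reachable(step, init, inputs):
    # All states reachable from init; variable domains are finite, so this terminates
    seen, todo = {init}, [init]
    while todo:
        s = todo.pop()
        for a, _ in inputs:
            t = step(s, a)
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen

def check_unwinding(step, init, inputs, low_idx):
    # Returns the violations of the two unwinding conditions (empty list = non-interferent)
    states = reachable(step, init, inputs)
    bad = []
    for s in states:                        # local respect: a High input leaves the Low view unchanged
        for a, level in inputs:
            if level == HIGH and low_view(step(s, a), low_idx) != low_view(s, low_idx):
                bad.append(("local_respect", a, s))
    for s, t in product(states, repeat=2):  # step consistency: Low-equivalent states stay Low-equivalent
        if low_view(s, low_idx) == low_view(t, low_idx):
            for a, _ in inputs:
                if low_view(step(s, a), low_idx) != low_view(step(t, a), low_idx):
                    bad.append(("step_consistency", a, s, t))
    return bad

# Constructed smart-meter model (assumption): state = (reading, tariff, display), reading is High
LOW_IDX = (1, 2)
INIT = (0, 0, 0)
INPUTS = [("measure", HIGH), ("set_tariff", LOW), ("show", LOW)]
def make_step(show_value):
    # Deterministic transition function; show_value decides what the guarded 'show' action displays
    def step(s, a):
        reading, tariff, display = s
        if a == "measure":    return ((reading + 1) % 3, tariff, display)
        if a == "set_tariff": return (reading, 1 - tariff, display)
        if a == "show" and tariff == 1:   # guard on a Low variable
            return (reading, tariff, show_value(reading, tariff))
        return s
    return step
leaky_step = make_step(lambda reading, tariff: reading)  # copies the High reading to the Low display
secure_step = make_step(lambda reading, tariff: tariff)  # display depends on Low data only
```

`check_unwinding(leaky_step, INIT, INPUTS, LOW_IDX)` reports only step-consistency violations (two states that differ solely in the High reading diverge in their Low display after `show`), while the secure variant returns an empty list.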
© 2012 Springer-Verlag Berlin Heidelberg
Ochoa, M., Jürjens, J., Cuéllar, J. (2012). Non-interference on UML State-Charts. In: Furia, C.A., Nanz, S. (eds) Objects, Models, Components, Patterns. TOOLS 2012. Lecture Notes in Computer Science, vol 7304. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30561-0_16
DOI: https://doi.org/10.1007/978-3-642-30561-0_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30560-3
Online ISBN: 978-3-642-30561-0