
Verification of Information Flow Properties of Java Programs without Approximations

  • Conference paper
Formal Verification of Object-Oriented Software (FoVeOOS 2011)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 7421))

Abstract

In this paper we propose a methodology for the specification and verification of information flow properties of sequential Java programs. The proposal also covers declassification. We define an extension of the Java Modeling Language (JML) that goes significantly beyond previous approaches. The JML specification clauses are translated into proof obligations in Dynamic Logic. An experimental implementation within the KeY system shows the feasibility of the approach.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Scheben, C., Schmitt, P.H. (2012). Verification of Information Flow Properties of Java Programs without Approximations. In: Beckert, B., Damiani, F., Gurov, D. (eds) Formal Verification of Object-Oriented Software. FoVeOOS 2011. Lecture Notes in Computer Science, vol 7421. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31762-0_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-31762-0_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31761-3

  • Online ISBN: 978-3-642-31762-0

  • eBook Packages: Computer Science (R0)
