Skip to main content
SpringerLink
Log in

Class-level Non-Interference

  • Published:
New Generation Computing Aims and scope Submit manuscript

Abstract

The Information-Flow property of Non-Interference was recently relaxed into Abstract Non-Interference (ANI), a weakened version where attackers can only observe properties of data, rather than their exact value. ANI was originally defined on integers, where a property models the set of numbers satisfying it. The present work proposes an Object-Oriented, Java-based formulation of an instance of ANI where data take the form of objects, and the observed property comes to be their type. The execution of a program is taken to be the invocation of some method by an external user: a class is secure if, for all its (non-private) methods, the type of their low-security data after the execution does not depend on the initial type of its high-security data (i.e., there are no illicit flows). The relation to ANI theory (in its abstract version) can be seen in the representation of abstract domains in terms of class hierarchies: an upper closure operator map an object into the smallest class it is an instance of. An analyzer for a non-trivial subset of Java is illustrated. A sketch of a soundness proof is provided: a program is never misclassified as secure, i.e., it is rejected whenever the absence of illicit ows cannot be guaranteed.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Abadi, M., Banerjee, A., Heintze, N. and Riecke, J., “A core calculus of dependency,” in Proc. ACM Symp. on Principles of Programming Languages, pp. 147–160, ACM Press, San Antonio, Texas, USA, January 1999.

  2. Amtoft, T., Bandhakavi, S. and Banerjee, A., “A logic for information ow in objectoriented programs,” in Proc. ACM Symp. on Principles of Programming Languages (Jones, S. ed.), ACM Press, Charleston, South Carolina, USA, January 2006.

  3. Banerjee, A. and Naumann, D., “Stack-based access control and secure information ow,” Journal of Functional Programming, 2, 15, pp. 131–177, March 2005.

  4. Bueno, F., Cabeza, D., Carro, M., Hermenegildo, M., Lóopez, P. and Puebla, G., “The Ciao System,” Reference Manual (v1.13). Technical report, School of Computer Science (UPM), 2006. Available at http://www.ciaohome.org.

  5. Cartwright, I. and Felleisen, M., “The semantics of program dependence,” in Proc. SIGPLAN Conf. on Programming Language Design and Implementation, pp. 13–27, ACM Press, Portland, Oregon, USA, 1989.

  6. Chong, S. and Myers, A., “End-to-end enforcement of erasure and declassification,” in Proc. IEEE Computer Security Foundations Symposium, Pittsburgh, Pennsylvania, USA, June 2008.

  7. Cousot, P., “Types as abstract interpretations,” invited paper, in Proc. ACM Symp. on Principles of Programming Languages, pp. 316–331, ACM Press, Paris, France, January 1997.

  8. Cousot, P. and Cousot, R., “Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints,” in Proc. ACM Symp. on Principles of Programming Languages, pp. 238–252, ACM Press, Los Angeles, California, USA, 1977.

  9. Cousot, P. and Cousot, R., “Systematic design of program analysis frameworks,” in Proc. ACM Symp. on Principles of Programming Languages, pp. 269–282, ACM Press, San Antonio, Texas, USA, 1979.

  10. Giacobazzi, R. and Mastroeni, I., “Abstract non-interference: Parameterizing non-interference by abstract interpretation,” in Proc. ACM Symp. on Principles of Programming Languages (Jones, N. and Leroy, X., eds.), pp. 186–197, ACM Press, Venice, Italy, January 2004.

  11. Giacobazzi, R. and Mastroeni, I., “Proving abstract non-interference,” in Proc. Conf. on Computer Science Logic, LNCS 3210, pp. 280–294, Springer-Verlag, Karpacz, Poland, 2004.

  12. Giacobazzi, R., Ranzato, F. and Scozzari, F., “Making abstract interpretations complete,” Journal of the Association for Computing Machinery, 47, 2, pp. 361–416, 2000.

  13. Goguen, J. and Meseguer, J., “Security policies and security models,” in Proc. IEEE Symp. on Security and Privacy, pp. 11–20, IEEE Computer Society Press, 1982.

  14. Mastroeni, I. and Zanardini, D., “Data Dependencies and Program Slicing: from Syntax to Abstract Semantics,” in Proc. Workshop on Partial Evaluation and Program Manipulation, pp. 125–134, ACM Press, San Francisco, California, USA, January 2008.

  15. Myers, A., “JFlow: practical mostly-static information flow control,” in Proc. ACM Symp. on Principles of Programming Languages, pp. 228–241, ACM Press, San Antonio, Texas, USA, January 1999.

  16. Necula, G., “Proof-Carrying Code,” in Proc. ACM Symp. on Principles of Programming Languages, ACM Press, Paris, France, January 1997.

  17. Palsberg, J. and Schwartzbach, M., “Object-oriented type inference,” in Proc. Conf. on Object-Oriented Programming Languages, Systems, and Applications (Paepcke, A. ed.), ACM SIGPLAN Notices, 26, pp. 146–161, ACM Press, Phoenix, Arizona, USA, November 1991.

  18. Reddy, U. S., “Objects as closures: Abstract semantics of object-oriented languages,” in Proc. ACM Conference on Lisp and Functional Programming, pp. 289–297, ACM Press, 1988.

  19. Rival, X., “Abstract dependences for alarm diagnosis,” in Proc. Asian Symp. on Programming Languages and Systems (Yi, K. ed.), LNCS 3780, pp. 347–363, Springer-Verlag, Tsukuba, Japan, November 2005.

  20. Sabelfeld, A. and Myers, A., “Language-based information-flow security,” IEEE Journal on Selected Areas in Communications, 21, 1, pp. 5–19, January 2003.

  21. Secci, S. and Spoto, F., “Pair-Sharing Analysis of Object-Oriented Programs,” in Proc. Symp. on Static Analysis (Hankin, C. ed.), LNCS 3672, pp. 320–335, Springer-Verlag, London, UK, August 2005.

  22. Spoto, F. and Jensen, T., “Class Analyses as Abstract Interpretations of Trace Semantics,” ACM Transactions on Programming Languages and Systems, 25, 5, pp. 578–630, September 2003.

  23. Zanardini, D., “Higher-Order Abstract Non-Interference,” in Proc. Int. Conf. on Typed Lambda Calculi and Applications (Urzyczyn, P. ed.), LNCS 3461, Springer-Verlag, Nara, Japan, April 2005.

  24. Zanardini, D., “Abstract Non-Interference in a fragment of Java bytecode,” in Proc. ACM Symp. on Applied Computing, Dijon, France, April 2006.

  25. Zanardini, D., “Analyzing Non-Interference with respect to Classes,” in Proc. Italian Conf. on Theoretical Computer Science, World Scientific, Roma, Italy, October 2007.

  26. Zanardini, D., “The Semantics of Abstract Program Slicing,” in Proc. Int. Work- shop on Source Code Analysis and Manipulation, IEEE Computer Society Press, Beijing, China, September 2008.

  27. Zdancewic, S. and Myers, A., “Robust declassification,” in Proc. IEEE Com- puter Security Foundations Workshop, pp. 15–23, Cape Breton, Nova Scotia, Canada, June 2001.

Download references

Author information

Authors and Affiliations

  1. Departamento de Inteligencia Artificial Facultad de Informática, Universidad Politécnica de Madrid, E-28660 Boadilla del Monte, Madrid, Spain

    Damiano Zanardini

Authors
  1. Damiano Zanardini
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Damiano Zanardini.

About this article

Cite this article

Zanardini, D. Class-level Non-Interference. New Gener. Comput. 30, 241–270 (2012). https://doi.org/10.1007/s00354-012-0207-7

Download citation

  • Received:

  • Revised:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00354-012-0207-7

Keywords

Search

Navigation