Isabella Mastroeni
ABSTRACT
Nowadays, preventing sensitive information leakage is a crucial issue. Indeed, in order to deploy secure computing systems, data protection is an aspect that cannot be ignored. In this respect, opacity is a security policy aiming at hiding the truth value of a predicate during computation. Unfortunately, despite its simple intended meaning, opacity is a quite difficult program property (indeed it is actually an hyperproperty) to guarantee. In this paper, we propose a verification mechanism, based on abstract interpretation, for opacity. Indeed, while studying the relation between opacity and abstract non-interference, a weakening of non-interference observing properties of program computations instead of concrete values, we noticed that under particular conditions opacity is implied by abstract non-interference. Hence, by exploiting the recently proposed static approach for verifying non-interference, based on hypersemantics, we can show how to verify abstract non-interference and therefore opacity.
- M. Assaf, D. A. Naumann, J. Signoles, E. Totel, and F. Tronel. 2017. Hypercollecting semantics and its application to static analysis of information flow. In Proc. of POPL. 874--887.Google Scholar
- J. W. Bryans, M. Koutny, L. Mazaré, and P. Y. A. Ryan. 2008. Opacity generalised to transition systems. Int. J. Inf. Sec. 7, 6 (2008), 421--435.Google ScholarDigital Library
- M. R. Clarkson and F. B. Schneider. 2010. Hyperproperties. Journal of Computer Security 18, 6 (2010), 1157--1210.Google ScholarCross Ref
- P. Cousot. 2002. Constructive design of a hierarchy of semantics of a transition system by abstract interpretation. Theor. Comput. Sci. 277, 1--2 (2002), 47--103.Google ScholarDigital Library
- P. Cousot and R. Cousot. 1977. Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints. In Proc. of POPL. 238--252.Google Scholar
- M. Dalla Preda and Roberto Giacobazzi. 2005. Semantic-Based Code Obfuscation by Abstract Interpretation. In Proc. of ICALP. 1325--1336.Google ScholarDigital Library
- M. Dalla Preda and I. Mastroeni. 2018. Characterizing a property-driven obfuscation strategy. J. Comput. Secur. 26, 1 (2018), 31--69.Google ScholarDigital Library
- R. Giacobazzi and I. Mastroeni. 2004. Abstract Non-interference: Parameterizing Non-Interference by Abstract Interpretation. In Proc. of POPL. 186--197.Google Scholar
- R. Giacobazzi and I. Mastroeni. 2018. Abstract Non-Interference: A Unifying Framework for Weakening Information-flow. ACM Trans. Priv. Secur. 21, 2 (2018), 1--31.Google ScholarDigital Library
- R. Giacobazzi, F. Ranzato, and F. Scozzari. 2000. Making Abstract Interpretation Complete. Journal of the ACM 47, 2 (2000), 361--416.Google ScholarDigital Library
- D. J. D. Hughes and V. Shmatikov. 2004. Information Hiding, Anonymity and Privacy: a Modular Approach. J. Comput. Secur. 12, 1 (2004), 3--36.Google ScholarDigital Library
- S. Hunt and I. Mastroeni. 2005. The PER Model of Abstract Non-interference. In Proc. of SAS. 171--185.Google Scholar
- I. Mastroeni and M. Pasqua. 2017. Hyperhierarchy of Semantics - A Formal Framework for Hyperproperties Verification. In Proc. of SAS. 232--252.Google Scholar
- I. Mastroeni and M. Pasqua. 2018. Verifying Bounded Subset-Closed Hyperproperties. In Proc. of SAS. 1--20.Google Scholar
- I. Mastroeni and M. Pasqua. 2019. Statically analyzing information flows: an abstract interpretation-based hyperanalysis for non-interference. In Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing, SAC 2019. 2215--2223. Google ScholarDigital Library
- F. Ranzato and F. Tapparo. 2004. Strong Preservation as Completeness in Abstract Interpretation. In Proc. of ESOP. 18--32.Google Scholar
- P.Y.A. Ryan and T. Peacock. 2006. Opacity - Further Insights on an Information Flow Property. Technical Report CS-TR-958, University of Newcastle upon Tyne.Google Scholar
- D. Schoepe and A. Sabelfeld. 2015. Understanding and Enforcing Opacity. In Proc. of CSF. 539--553.Google Scholar
Index Terms
- Verifying opacity by abstract interpretation
Recommendations
Statically analyzing information flows: an abstract interpretation-based hyperanalysis for non-interference
SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied ComputingIn the context of systems security, information flows play a central role. Unhandled information flows potentially leave the door open to very dangerous types of attacks, such as code injection or sensitive information leakage. Information flows ...
Refining Model Checking by Abstract Interpretation
Formal methods combining abstract interpretation and model-checking have been considered for automated analysis of software.
In abstract model-checking, the semantics of an infinite transition system is abstracted to get a finite approximation on which ...
Finding feasible abstract counter-examples
A strength of model checking is its ability to automate the detection of subtle system errors and produce traces that exhibit those errors. Given the high-computational cost of model checking most researchers advocate the use of aggressive property-...
Comments