Abstract

Preserving the confidentiality of information is a growing concern in software development. Secure information flow is intended to maintain the confidentiality of sensitive information by preventing it from flowing to attackers. This paper discusses how to ensure confidentiality for multi-threaded programs through a property called observational determinism. Operational semantics of multi-threaded programs are modeled using Kripke structures. Observational determinism is formalized in terms of divergence weak low-bisimulation. Bisimulation is an equivalence relation associating executions that simulate each other. The new property is called bisimulation-based observational determinism. Furthermore, a model checking method is proposed to verify the new property and ensure that secure information flow holds in a multi-threaded program. The model checking method successively refines the Kripke model of the program until the quotient of the model with respect to divergence weak low-bisimulation is reached. Then, bisimulation-based observational determinism is checked on the quotient, which is a minimized model of the concrete Kripke model. The time complexity of the proposed method is polynomial in the size of the Kripke model. The proposed approach has been implemented on top of PRISM, a probabilistic model checking tool. Finally, a case study is discussed to show the applicability of the proposed approach.

Highlights

  • The increase in number and variety of security attacks on computing systems amplifies the need for improvement in protection mechanisms against the security attacks

  • The proposed approach consists of two main parts: (1) a new formalization, Bisimulation-based Observational Determinism (BOD), for specifying secure information flow for multi-threaded programs (Section 4.1) and (2) a polynomial-time algorithm for verifying BOD to ensure that BOD holds in a multi-threaded program (Section 4.2)

  • Aiming at a widely-applicable scheduler-independent analysis for secure information flow, a bisimulation-based foundation was proposed in terms of the semantics of state transition systems


Summary

Introduction

The increase in number and variety of security attacks on computing systems amplifies the need for improvement in protection mechanisms against the security attacks. This program has a direct flow, since the attacker can infer secret information (h) by observing the public variable (l). As another example, consider the program if h>0 l:=-5 else l:=5, which has an indirect flow: the value the attacker observes in l depends on the branch taken on the secret h. Verifying confidentiality of multi-threaded programs and ensuring secure information flows is the main motivation of this paper. To ensure secure information flow in multi-threaded programs, a confidentiality property needs to be formalized, and a verification method is needed to check whether the program satisfies the property or not. The proposed approach consists of two main parts: (1) a new formalization, Bisimulation-based Observational Determinism (BOD), for specifying secure information flow for multi-threaded programs (Section 4.1) and (2) a polynomial-time algorithm for verifying BOD to ensure that BOD holds in a multi-threaded program (Section 4.2).
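As an added illustration that is not part of the paper or its PRISM implementation, the following Python builds a tiny Kripke model of the indirect-flow program above (followed by one extra assignment), computes the coarsest low-bisimulation by partition refinement, and then checks a simplified BOD: initial states that agree on the public variable l must be low-bisimilar. It uses strong low-bisimulation on a sequential model rather than the paper's divergence weak low-bisimulation over multi-threaded schedules; the state encoding (pc, h, l) and the SECURE variant are constructed for the example.

```python
from itertools import product

# Constructed example, not the paper's code: a Kripke model of the program
# from the introduction, followed by one more assignment:
#     if h > 0 then l := -5 else l := 5 ;  l := 0
# Program = list of statements mapping (h, l) -> new l; state = (pc, h, l); attacker sees only l.
LEAKY = [lambda h, l: -5 if h > 0 else 5, lambda h, l: 0]
SECURE = [lambda h, l: 5, lambda h, l: 0]   # same shape, but l never depends on h

def successors(program, state):
    pc, h, l = state
    if pc < len(program):
        return [(pc + 1, h, program[pc](h, l))]
    return [state]                           # terminated: stutter forever

def reachable(program, initial_states):
    states, frontier = set(), list(initial_states)
    while frontier:
        s = frontier.pop()
        if s not in states:
            states.add(s)
            frontier.extend(successors(program, s))
    return states

def low_view(state):
    return state[2]

def low_bisimulation(program, states):
    """Coarsest strong low-bisimulation by partition refinement: start from blocks of
    equal low view, split a block when two of its states step into different blocks."""
    block_of = {s: low_view(s) for s in states}
    while True:
        sig = {s: (block_of[s], frozenset(block_of[t] for t in successors(program, s)))
               for s in states}
        ids = {v: i for i, v in enumerate(set(sig.values()))}
        refined = {s: ids[sig[s]] for s in states}
        if len(set(refined.values())) == len(set(block_of.values())):
            return refined                   # no block was split: fixed point
        block_of = refined

def satisfies_bod(program, initial_states):
    """Simplified BOD: any two initial states that agree on l (and may differ
    on the secret h) must be low-bisimilar, so the attacker's observations
    cannot depend on h."""
    blocks = low_bisimulation(program, reachable(program, initial_states))
    return all(blocks[a] == blocks[b]
               for a, b in product(initial_states, repeat=2)
               if low_view(a) == low_view(b))
```

Calling satisfies_bod(LEAKY, [(0, 0, 0), (0, 1, 0)]) returns False because the two initial states, equal on l but different on h, end up in different bisimulation blocks; the SECURE program returns True.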

Preliminaries and Assumptions
Program Model
Attacker Model
Low-Bisimulation
Related Work
The Proposed Approach
Bisimulation-Based Observational Determinism
Verifying BOD
Correctness of the Algorithm
Complexity of the Algorithm
Implementation and Case Study
Conclusions and Future Work