Abstract

In many software applications, it is necessary to preserve confidentiality of information. Therefore, security mechanisms are needed to enforce that secret information does not leak to unauthorized users. However, most language-based techniques that enable information flow control work post-hoc, deciding whether a specific program violates a confidentiality policy. In contrast, we proposed in previous work a refinement-based approach to derive programs that preserve confidentiality-by-construction. This approach follows the principles of Dijkstra's correctness-by-construction. In this extended abstract, we present the implementation and tool support of that refinement-based approach allowing to specify the information flow policies first and to create programs in a simple while language which comply to these policies by construction. In particular, we present the idea of confidentiality-by-construction using an example and discuss the IDE C-CorC supporting this development approach.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Towards Confidentiality-by-Construction
Alexander Knüppel ... Bruce W. Watson
-
Alexander Knüppel, et. al.Alexander Knüppel ... Bruce W. Watson
01 Jan 2018
Towards a system-wide and transparent security mechanism using language-level information flow control
Mohsen Sharifi ... Mohammad Reza Azadmanesh
-
Mohsen Sharifi, et. al.Mohsen Sharifi ... Mohammad Reza Azadmanesh
07 Sep 2010
Toward automatic proof generation for information flow policies in third-party hardware IP
Yiorgos Makris ... Mohammad-Mahdi Bidmeshki
-
Yiorgos Makris, et. al.Yiorgos Makris ... Mohammad-Mahdi Bidmeshki
01 May 2015
Secure information flow by self-composition
PEDRO R. D'ARGENIO ... GILLES BARTHE
Mathematical Structures in Computer Science | VOL. 21
PEDRO R. D'ARGENIO, et. al.PEDRO R. D'ARGENIO ... GILLES BARTHE
27 Oct 2011
View more papers

More From: ACM SIGAda Ada Letters

Paper Title
Journal
Date
Author
Modeling ROS Based Applications with AADL
L. W. J. Bourdon ... E. Senn
ACM SIGAda Ada Letters | VOL. 43
L. W. J. Bourdon, et. al.L. W. J. Bourdon ... E. Senn
30 Oct 2023
Software-Based Security Approach for Networked Embedded Devices
André Souto ... José Cecílio
ACM SIGAda Ada Letters | VOL. 43
André Souto, et. al.André Souto ... José Cecílio
30 Oct 2023
C2AADL_Reverse: A Model-Driven Reverse Engineering Approach for Development and Verification of Safety-Critical Software
Zhibin Yang ... Yong Zhou
ACM SIGAda Ada Letters | VOL. 43
Zhibin Yang, et. al.Zhibin Yang ... Yong Zhou
30 Oct 2023
Achieving Crash Fault Tolerance In Autonomous Vehicle Autopilot Software Stacks Through Safety-Critical Module Rejuvenation
Federico Lucchetti ... Marcus Voelp
ACM SIGAda Ada Letters | VOL. 43
Federico Lucchetti, et. al.Federico Lucchetti ... Marcus Voelp
30 Oct 2023
View more papers