DOI: 10.1007/978-3-642-28641-4_20
Article

A certificate infrastructure for machine-checked proofs of conditional information flow

Published: 24 March 2012

Abstract

In previous work, we have proposed a compositional framework for stating and automatically verifying complex conditional information flow policies using a relational Hoare logic. The framework allows developers and verifiers to work directly with the source code using source-level code contracts. In this work, we extend that approach so that the algorithm for verifying a program's compliance with an information flow contract emits formal certificates of correctness that are checked in the Coq proof assistant. This framework is implemented in the context of SPARK, a subset of Ada that has been used in a number of industrial contexts for implementing certified safety- and security-critical systems.

References

[1] Amtoft, T., Hatcliff, J., Rodríguez, E., Robby, Hoag, J., Greve, D. A.: Specification and Checking of Software Contracts for Conditional Information Flow. In: Cuellar, J., Sere, K. (eds.) FM 2008. LNCS, vol. 5014, pp. 229-245. Springer, Heidelberg (2008)
[2] Amtoft, T., Hatcliff, J., Rodríguez, E.: Precise and Automated Contract-Based Reasoning for Verification and Certification of Information Flow Properties of Programs with Arrays. In: Gordon, A. D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 43-63. Springer, Heidelberg (2010)
[3] Barnes, J., Chapman, R., Johnson, R., Widmaier, J., Cooper, D., Everett, B.: Engineering the Tokeneer enclave protection software. In: Proceedings of the IEEE International Symposium on Secure Software Engineering (ISSSE 2006). IEEE Press (2006)
[4] Amtoft, T., Dodds, J., Zhang, Z., Appel, A., Beringer, L., Hatcliff, J., Ou, X., Cousino, A.: A certificate infrastructure for machine-checked proofs of conditional information flow (2012), http://santos.cis.ksu.edu/papers/Amtoft-al-POST12/
[5] Amtoft, T., Banerjee, A.: Verification condition generation for conditional information flow. In: 5th ACM Workshop on Formal Methods in Security Engineering (FMSE 2007), pp. 2-11. George Mason University, ACM (2007)
[6] Armand, M., Faure, G., Grégoire, B., Keller, C., Théry, L., Werner, B.: A Modular Integration of SAT/SMT Solvers to Coq through Proof Witnesses. In: Jouannaud, J.-P., Shao, Z. (eds.) CPP 2011. LNCS, vol. 7086, pp. 135-150. Springer, Heidelberg (2011)
[7] Heitmeyer, C. L., Archer, M., Leonard, E. I., McLean, J.: Formal specification and verification of data separation in a separation kernel for an embedded system. In: 13th ACM Conference on Computer and Communications Security (CCS 2006), pp. 346-355 (2006)
[8] Bergeretti, J. F., Carré, B. A.: Information-flow and data-flow analysis of while-programs. ACM Transactions on Programming Languages and Systems 7, 37-61 (1985)
[9] Volpano, D. M., Smith, G.: A Type-Based Approach to Program Security. In: Bidoit, M., Dauchet, M. (eds.) CAAP 1997, FASE 1997, and TAPSOFT 1997. LNCS, vol. 1214, pp. 607-621. Springer, Heidelberg (1997)
[10] Chapman, R., Hilton, A.: Enforcing security and safety models with an information flow analysis tool. ACM SIGAda Ada Letters XXIV, 39-46 (2004)
[11] Amtoft, T., Banerjee, A.: Information Flow Analysis in Logical Form. In: Giacobazzi, R. (ed.) SAS 2004. LNCS, vol. 3148, pp. 100-115. Springer, Heidelberg (2004)
[12] Necula, G. C.: Proof-carrying code. In: POPL 1997, pp. 106-119. ACM Press (1997)
[13] Appel, A. W.: Foundational proof-carrying code. In: LICS 2001. IEEE Computer Society (2001)
[14] Sannella, D., Hofmann, M., Aspinall, D., Gilmore, S., Stark, I., Beringer, L., Loidl, H. W., MacKenzie, K., Momigliano, A., Shkaravska, O.: Mobile resource guarantees. In: van Eekelen, M. C. J. D. (ed.) Revised Selected Papers from the Sixth Symposium on Trends in Functional Programming (TFP 2005), Intellect, pp. 211-226 (2007)
[15] Barthe, G., Crégut, P., Grégoire, B., Jensen, T., Pichardie, D.: The MOBIUS Proof Carrying Code Infrastructure. In: de Boer, F. S., Bonsangue, M. M., Graf, S., de Roever, W.-P. (eds.) FMCO 2007. LNCS, vol. 5382, pp. 1-24. Springer, Heidelberg (2008)
[16] Beringer, L., Hofmann, M., Momigliano, A., Shkaravska, O.: Automatic Certification of Heap Consumption. In: Baader, F., Voronkov, A. (eds.) LPAR 2004. LNCS (LNAI), vol. 3452, pp. 347-362. Springer, Heidelberg (2005)
[17] Albert, E., Puebla, G., Hermenegildo, M. V.: Abstraction-Carrying Code. In: Baader, F., Voronkov, A. (eds.) LPAR 2004. LNCS (LNAI), vol. 3452, pp. 380-397. Springer, Heidelberg (2005)
[18] Barthe, G., Pichardie, D., Rezk, T.: A Certified Lightweight Non-interference Java Bytecode Verifier. In: De Nicola, R. (ed.) ESOP 2007. LNCS, vol. 4421, pp. 125-140. Springer, Heidelberg (2007)
[19] Wildmoser, M., Nipkow, T.: Asserting Bytecode Safety. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 326-341. Springer, Heidelberg (2005)
[20] Besson, F., Jensen, T. P., Pichardie, D.: Proof-carrying code from certified abstract interpretation and fixpoint compression. Theor. Comput. Sci. 364, 273-291 (2006)
[21] Necula, G. C., Rahul, S. P.: Oracle-based checking of untrusted software. In: POPL 2001, pp. 142-154 (2001)
[22] Wu, D., Appel, A. W., Stump, A.: Foundational proof checkers with small witnesses. In: Proceedings of the 5th International ACM SIGPLAN Conference on Principles and Practice of Declarative Programming (PPDP 2003), pp. 264-274. ACM (2003)
[23] Benton, N.: Simple relational correctness proofs for static analyses and program transformations. In: Jones, N. D., Leroy, X. (eds.) POPL 2004, pp. 14-25. ACM (2004)
[24] Beringer, L., Hofmann, M.: Secure information flow and program logics. In: CSF 2007, pp. 233-248. IEEE Computer Society (2007)
[25] Beringer, L.: Relational Decomposition. In: van Eekelen, M., Geuvers, H., Schmaltz, J., Wiedijk, F. (eds.) ITP 2011. LNCS, vol. 6898, pp. 39-54. Springer, Heidelberg (2011)
[26] Darvas, Á., Hähnle, R., Sands, D.: A Theorem Proving Approach to Analysis of Secure Information Flow. In: Hutter, D., Ullmann, M. (eds.) SPC 2005. LNCS, vol. 3450, pp. 193-209. Springer, Heidelberg (2005)
[27] Barthe, G., D'Argenio, P. R., Rezk, T.: Secure information flow by self-composition. In: 17th IEEE Computer Security Foundations Workshop (CSFW-17 2004), pp. 100-114. IEEE Computer Society (2004)
[28] Dufay, G., Felty, A. P., Matwin, S.: Privacy-Sensitive Information Flow with JML. In: Nieuwenhuis, R. (ed.) CADE 2005. LNCS (LNAI), vol. 3632, pp. 116-130. Springer, Heidelberg (2005)
[29] Terauchi, T., Aiken, A.: Secure Information Flow as a Safety Problem. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, pp. 352-367. Springer, Heidelberg (2005)
[30] Appel, A. W.: Verified Software Toolchain. In: Barthe, G. (ed.) ESOP 2011. LNCS, vol. 6602, pp. 1-17. Springer, Heidelberg (2011)
[31] Leroy, X.: Formal certification of a compiler back-end or: programming a compiler with a proof assistant. In: POPL 2006, pp. 42-54 (2006)


Published In

POST'12: Proceedings of the First International Conference on Principles of Security and Trust
March 2012, 429 pages
ISBN: 9783642286407
Editors: Pierpaolo Degano, Joshua D. Guttman
Publisher: Springer-Verlag, Berlin, Heidelberg

Article Metrics

  • Downloads (last 12 months): 0
  • Downloads (last 6 weeks): 0

Reflects downloads up to 12 Sep 2024

Cited By

  • (2023) A Mechanized Semantics for Component-Based Systems in the HAMR AADL Runtime. Formal Aspects of Component Software, pp. 45-64. DOI: 10.1007/978-3-031-52183-6_3. Online publication date: 26 Oct 2023
  • (2021) Slang: The Sireum Programming Language. Leveraging Applications of Formal Methods, Verification and Validation, pp. 253-273. DOI: 10.1007/978-3-030-89159-6_17. Online publication date: 17 Oct 2021
  • (2020) Towards transparency-encouraging partial software disclosure to enable trust in data usage. Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering, pp. 1167-1169. DOI: 10.1145/3324884.3415282. Online publication date: 21 Dec 2020
  • (2018) A monadic framework for relational verification: applied to information security, program equivalence, and optimizations. Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs, pp. 130-145. DOI: 10.1145/3167090. Online publication date: 8 Jan 2018
  • (2018) A Unified Approach for Modeling, Developing, and Assuring Critical Systems. Leveraging Applications of Formal Methods, Verification and Validation. Modeling, pp. 225-245. DOI: 10.1007/978-3-030-03418-4_14. Online publication date: 5 Nov 2018
  • (2017) Proof-Carrying Hardware via Inductive Invariants. ACM Transactions on Design Automation of Electronic Systems 22(4), pp. 1-23. DOI: 10.1145/3054743. Online publication date: 20 Jul 2017
  • (2017) Programs from Proofs. ACM Transactions on Programming Languages and Systems 39(2), pp. 1-56. DOI: 10.1145/3014427. Online publication date: 10 Mar 2017
  • (2017) Atomistic Galois insertions for flow sensitive integrity. Computer Languages, Systems and Structures 50(C), pp. 82-107. DOI: 10.1016/j.cl.2017.06.004. Online publication date: 1 Dec 2017
  • (2016) Future-dependent Flow Policies with Prophetic Variables. Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, pp. 29-42. DOI: 10.1145/2993600.2993603. Online publication date: 24 Oct 2016
  • (2016) Progress-Sensitive Security for SPARK. Proceedings of the 8th International Symposium on Engineering Secure Software and Systems, Volume 9639, pp. 20-37. DOI: 10.1007/978-3-319-30806-7_2. Online publication date: 6 Apr 2016
