
Proving Noninterference and Functional Correctness Using Traces

Published: 01 January 1992

Abstract

The trace method of software specification is extended to provide a natural semantics for a procedural programming language. This extension yields a method for proving program correctness that permits a direct proof of program noninterference, without having to produce an intermediate finite state machine and unwinding conditions. The approach provides a uniform framework for reasoning about abstract software system specifications and their implementations. It also allows us to prove security at the abstract level, so that changes to a program that do not affect its functional behavior do not affect the security proof.


    Published In

    Journal of Computer Security, Volume 1, Issue 1, January 1992, 127 pages

    Publisher: IOS Press, Netherlands
    Cited By

    • (2024) Verifiable Security Policies for Distributed Systems. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, pp. 4-18. DOI 10.1145/3658644.3690303. Online publication date: 2-Dec-2024
    • (2023) A General Noninterference Policy for Polynomial Time. Proceedings of the ACM on Programming Languages 7:POPL, pp. 806-832. DOI 10.1145/3571221. Online publication date: 11-Jan-2023
    • (2021) Hardware Information Flow Tracking. ACM Computing Surveys 54:4, pp. 1-39. DOI 10.1145/3447867. Online publication date: 3-May-2021
    • (2019) Secure Information Flow Analysis Using the PRISM Model Checker. Information Systems Security, pp. 154-172. DOI 10.1007/978-3-030-36945-3_9. Online publication date: 16-Dec-2019
    • (2018) Proving confidentiality in a file system using DISKSEC. Proceedings of the 13th USENIX conference on Operating Systems Design and Implementation, pp. 323-338. DOI 10.5555/3291168.3291192. Online publication date: 8-Oct-2018
    • (2017) A Formal Foundation for Secure Remote Execution of Enclaves. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 2435-2450. DOI 10.1145/3133956.3134098. Online publication date: 30-Oct-2017
    • (2015) Moat. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1169-1184. DOI 10.1145/2810103.2813608. Online publication date: 12-Oct-2015
    • (2014) Automating Information Flow Analysis of Low Level Code. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 1080-1091. DOI 10.1145/2660267.2660322. Online publication date: 3-Nov-2014
    • (2014) A Conceptual Framework for Secrecy-preserving Reasoning in Knowledge Bases. ACM Transactions on Computational Logic 16:1, pp. 1-32. DOI 10.1145/2637477. Online publication date: 29-Dec-2014
    • (2012) Towards a practical secure concurrent language. ACM SIGPLAN Notices 47:10, pp. 57-74. DOI 10.1145/2398857.2384621. Online publication date: 19-Oct-2012