
Abstract Non-Interference: A Unifying Framework for Weakening Information-flow

Published: 05 February 2018

Abstract

Non-interference holds when some elements of a dynamic system do not interfere with, i.e., do not affect, other elements of the same system. Originally introduced in language-based security, non-interference means that the manipulation of private information has no effect on public observations of data. In this article, we introduce abstract non-interference as a weakening of non-interference by abstract interpretation. Abstract non-interference is parametric on which private information we want to protect and on the observational capabilities of the external observer, i.e., on what the attacker can observe of a computation and of the data manipulated during the computation. This allows us to model a variety of situations in information-flow security, where the security of a system can be mastered by controlling the degree of precision of the strongest harmless attacker and the properties that are potentially leaked in case of a successful attack.
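As an added example (not code from the article or its authors), the following brute-force checker makes the two notions in the abstract concrete on finite value ranges. It follows the shape of abstract non-interference (η)P(φ ⇒ ρ) from Giacobazzi and Mastroeni's POPL 2004 paper: the attacker sees only η of the public input and ρ of the public output, and the private input is protected only up to the property φ. Classical non-interference is the instance with an exact observer and nothing released. The programs `p_double` and `p_parity_leak`, the ranges `H` and `L`, and the abstractions `ident`, `parity`, `sign` and `top` are all constructed for illustration.

```python
"""Exhaustive checker for classical and abstract non-interference.

Constructed example, not code from the article: the programs, value
ranges and abstractions below are invented for illustration. The
quantified definition follows the shape of abstract non-interference
(eta)P(phi => rho) from Giacobazzi and Mastroeni's POPL 2004 paper:
the attacker sees only eta(public input) and rho(public output), and
the private input is protected only up to the property phi.
"""
from itertools import product
from typing import Callable, Iterable, Optional, Tuple

Abstraction = Callable[[int], object]
Program = Callable[[int, int], int]          # program(h, l) -> public output
Witness = Tuple[int, int, int, int]          # (h1, l1, h2, l2)

# Abstractions map a concrete value to the class the observer can tell apart.
ident: Abstraction = lambda v: v                  # exact value
parity: Abstraction = lambda v: v % 2             # even / odd
sign: Abstraction = lambda v: (v > 0) - (v < 0)   # -1, 0, +1
top: Abstraction = lambda v: None                 # no information at all


def abstract_noninterference(program: Program, H: Iterable[int], L: Iterable[int],
                             eta: Abstraction, phi: Abstraction,
                             rho: Abstraction) -> Optional[Witness]:
    """Check (eta)P(phi => rho) by enumeration over the finite domains H and L.

    For all h1, h2 in H and l1, l2 in L:
        eta(l1) == eta(l2) and phi(h1) == phi(h2)
            implies rho(program(h1, l1)) == rho(program(h2, l2)).
    Returns None when the property holds, otherwise a pair of runs that an
    observer limited to rho can still tell apart.
    """
    states = list(product(H, L))
    for (h1, l1), (h2, l2) in product(states, repeat=2):
        if eta(l1) != eta(l2) or phi(h1) != phi(h2):
            continue  # not a pair the definition quantifies over
        if rho(program(h1, l1)) != rho(program(h2, l2)):
            return (h1, l1, h2, l2)
    return None


def noninterference(program: Program, H: Iterable[int], L: Iterable[int]) -> Optional[Witness]:
    """Classical non-interference: exact observer, no property of h released."""
    return abstract_noninterference(program, H, L, ident, top, ident)


# Two constructed programs. h is the private input, l the public one.
def p_double(h: int, l: int) -> int:
    """Leaks h to an exact observer, but 2*h never changes the parity of l."""
    return l + 2 * h


def p_parity_leak(h: int, l: int) -> int:
    """Releases exactly the parity of h and nothing else."""
    return l + (h % 2)


H = range(-8, 9)
L = range(-8, 9)


def demo() -> dict:
    """Which policies each program satisfies (True = no counterexample)."""
    return {
        # p_double is insecure for an exact observer ...
        "p_double/NI": noninterference(p_double, H, L) is None,
        # ... harmless against one that only sees parity of public data ...
        "p_double/parity-observer": abstract_noninterference(
            p_double, H, L, parity, top, parity) is None,
        # ... but not against one that sees the sign of public data.
        "p_double/sign-observer": abstract_noninterference(
            p_double, H, L, sign, top, sign) is None,
        # p_parity_leak is secure once the parity of h is declassified ...
        "p_parity_leak/declassify-parity": abstract_noninterference(
            p_parity_leak, H, L, ident, parity, ident) is None,
        # ... but declassifying only the sign of h does not cover the leak.
        "p_parity_leak/declassify-sign": abstract_noninterference(
            p_parity_leak, H, L, ident, sign, ident) is None,
    }


if __name__ == "__main__":
    for policy, ok in demo().items():
        print(f"{policy:32s} {'secure' if ok else 'INSECURE'}")
```

The two parameters play the roles the abstract describes: ρ (with η) bounds the attacker, so `p_double` is secure against an observer that only sees parity but not against one that sees the sign, which is what "degree of precision of the strongest harmless attacker" refers to; φ states what may leak, so `p_parity_leak` passes once parity of `h` is declassified but still fails if only its sign is. Enumeration is exponential in the domain size and is only a way to see the definitions at work; the article's point is to reason about these properties by abstract interpretation rather than by enumeration.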


Published In

ACM Transactions on Privacy and Security, Volume 21, Issue 2 (May 2018), 159 pages
ISSN: 2471-2566
EISSN: 2471-2574
DOI: 10.1145/3175499
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 February 2018
Accepted: 01 December 2017
Revised: 01 September 2017
Received: 01 May 2017
Published in TOPS Volume 21, Issue 2

Author Tags

  1. Abstract interpretation
  2. abstract domains
  3. closure operators
  4. language-based security
  5. non-interference
  6. program analysis
  7. semantics

Qualifiers

  • Research-article
  • Research
  • Refereed

Cited By

  • (2024) Adversities in Abstract Interpretation - Accommodating Robustness by Abstract Interpretation. ACM Transactions on Programming Languages and Systems 46, 2 (2024), 1--31. https://doi.org/10.1145/3649309
  • (2023) Reconciling Shannon and Scott with a Lattice of Computable Information. Proceedings of the ACM on Programming Languages 7, POPL (2023), 1987--2016. https://doi.org/10.1145/3571740
  • (2023) Overview of Cross-Domain Access Control. In 2023 IEEE Smart World Congress (SWC), 1--8. https://doi.org/10.1109/SWC57546.2023.10448810
  • (2023) Domain Precision in Galois Connection-Less Abstract Interpretation. In Static Analysis, 434--459. https://doi.org/10.1007/978-3-031-44245-2_19
  • (2023) How Fitting is Your Abstract Domain? In Static Analysis, 286--309. https://doi.org/10.1007/978-3-031-44245-2_14
  • (2023) Branching Bisimulation Semantics Enables Noninterference Analysis of Reversible Systems. In Formal Techniques for Distributed Objects, Components, and Systems, 57--74. https://doi.org/10.1007/978-3-031-35355-0_5
  • (2022) Fundamental Physics and Computation: The Computer-Theoretic Framework. Universe 8, 1 (2022), 40. https://doi.org/10.3390/universe8010040
  • (2022) Verifying opacity by abstract interpretation. In Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing, 1817--1826. https://doi.org/10.1145/3477314.3507119
  • (2021) Improving Dynamic Code Analysis by Code Abstraction. Electronic Proceedings in Theoretical Computer Science 341 (2021), 17--32. https://doi.org/10.4204/EPTCS.341.2
  • (2021) Interpretable noninterference measurement and its application to processor designs. Proceedings of the ACM on Programming Languages 5, OOPSLA (2021), 1--30. https://doi.org/10.1145/3485518
