Abstract
This paper proposes an extensional semantics-based formal specification of secure information-flow properties in sequential programs based on representing degrees of security by partial equivalence relations (pers). The specification clarifies and unifies a number of specific correctness arguments in the literature, and connections to other forms of program analysis. The approach is inspired by (and equivalent to) the use of partial equivalence relations in specifying binding-time analysis, and is thus able to specify security properties of higher-order functions and "partially confidential data". We extend the approach to handle nondeterminism by using powerdomain semantics and show how probabilistic security properties can be formalised by using probabilistic powerdomain semantics.
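As an added illustration (not code from the paper), the following Python checks the per formulation of noninterference over a tiny finite state space: a program is secure with respect to an input per P and an output per Q when every pair of P-related input states is mapped to a pair of Q-related output states. Relating the secret component by the total relation expresses full secrecy; relating it by "same parity" expresses that only the parity of the secret is public, which is one reading of the paper's "partially confidential data". The names (ALL, ID, PARITY, is_secure), the two-variable state shape and the sample programs are all constructed here for the demonstration.

```python
"""Noninterference as a per (partial equivalence relation) property,
checked by brute force over a small finite state space.

State = (h, l): h is the high (secret) variable, l the low (public) one.
A per is represented by a predicate on pairs of values.  This is an
illustration written for this page, not the paper's own code.
"""
from itertools import product

# Pers on a single variable (constructed for this example).
ALL = lambda a, b: True                 # total relation: value fully secret
ID = lambda a, b: a == b                # identity: value fully public
PARITY = lambda a, b: a % 2 == b % 2    # only the parity is public

DOMAIN = range(4)                       # finite value domain for the check


def product_per(pers):
    """Componentwise product of pers, giving a per on state tuples."""
    def rel(s, t):
        return all(p(a, b) for p, a, b in zip(pers, s, t))
    return rel


def is_secure(program, in_per, out_per, domain=DOMAIN, arity=2):
    """program: state tuple -> state tuple.

    Returns True iff for all states s, t with s in_per t we have
    program(s) out_per program(t); i.e. the program maps in_per to out_per.
    """
    states = list(product(domain, repeat=arity))
    for s in states:
        for t in states:
            if in_per(s, t) and not out_per(program(s), program(t)):
                return False
    return True


# Sample programs over (h, l), written as pure state transformers.
def copy_low(state):            # l := l          (no flow from h)
    h, l = state
    return (h, l)

def leak(state):                # l := h          (explicit flow)
    h, l = state
    return (h, h)

def implicit(state):            # if h > 1 then l := 1 else l := 0
    h, l = state
    return (h, 1 if h > 1 else 0)

def parity_leak(state):         # l := h mod 2    (reveals only parity)
    h, l = state
    return (h, h % 2)

def half(state):                # l := h div 2    (reveals more than parity)
    h, l = state
    return (h, h // 2)


def check_examples():
    """Run each sample program against two security policies."""
    secret_in = product_per((ALL, ID))      # h secret, l public
    parity_in = product_per((PARITY, ID))   # parity of h public, rest secret
    low_out = product_per((ALL, ID))        # after the run, l must agree
    return {
        "copy_low/secret": is_secure(copy_low, secret_in, low_out),
        "leak/secret": is_secure(leak, secret_in, low_out),
        "implicit/secret": is_secure(implicit, secret_in, low_out),
        "parity_leak/secret": is_secure(parity_leak, secret_in, low_out),
        "parity_leak/parity": is_secure(parity_leak, parity_in, low_out),
        "half/parity": is_secure(half, parity_in, low_out),
    }


if __name__ == "__main__":
    for name, ok in check_examples().items():
        print(f"{name:22s} {'secure' if ok else 'INSECURE'}")
```

The input per decides what an observer is allowed to learn: under (ALL, ID) two states that differ only in h must produce equal l, so both the explicit and the implicit flow are rejected; under (PARITY, ID) states whose h values have different parity are unrelated, so a program copying h mod 2 is accepted while one copying h div 2 is still rejected.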
© 1999 Springer-Verlag Berlin Heidelberg
Sabelfeld, A., Sands, D. (1999). A Per Model of Secure Information Flow in Sequential Programs. In: Swierstra, S.D. (eds) Programming Languages and Systems. ESOP 1999. Lecture Notes in Computer Science, vol 1576. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-49099-X_4
DOI: https://doi.org/10.1007/3-540-49099-X_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65699-9
Online ISBN: 978-3-540-49099-9