Language-based Security Abstract Non-interference

Interpretation Consider C = ℘(Z): [Cousot & Cousot’77] C A {0} {0,!1,!2,!3,...} 0! {!2,!3} Abstract domain 0+ ? {0,1,2,3,...} Language-based Security: Abstract Non-Interferece – p.3/32 Abstract Interpretation Consider C = ℘(Z): [Cousot & Cousot’77]Interpretation Consider C = ℘(Z): [Cousot & Cousot’77] Abstract domain C A {0} {0,1,2,3,...} {0,!1,!2,!3,...} 0! {!2,!3} 0+ ?domain C A {0} {0,1,2,3,...} {0,!1,!2,!3,...} 0! {!2,!3} 0+ ? Language-based Security: Abstract Non-Interferece – p.3/32 Abstract Interpretation Consider C = ℘(Z): [Cousot & Cousot’77]Interpretation Consider C = ℘(Z): [Cousot & Cousot’77] Abstract domain C A {0} {0,!1,!2,!3,...} 0! {!2,!3} ? {0,1,2,3,...} 0+domain C A {0} {0,!1,!2,!3,...} 0! {!2,!3} ? {0,1,2,3,...} 0+ Language-based Security: Abstract Non-Interferece – p.3/32 Abstract Interpretation Consider C = ℘(Z): [Cousot & Cousot’77] C A {0} {0,1,2,3,...} {0,!1,!2,!3,...} 0 0! {!2,!3} Abstract domain 0+Interpretation Consider C = ℘(Z): [Cousot & Cousot’77] C A {0} {0,1,2,3,...} {0,!1,!2,!3,...} 0 0! {!2,!3} Abstract domain 0+ Language-based Security: Abstract Non-Interferece – p.3/32 Abstract Interpretation Consider C = ℘(Z): [Cousot & Cousot’77] C A {0} {0,1,2,3,...} {0,!1,!2,!3,...} 0 0! {!2,!3} Abstract domain 0+Interpretation Consider C = ℘(Z): [Cousot & Cousot’77] C A {0} {0,1,2,3,...} {0,!1,!2,!3,...} 0 0! {!2,!3} Abstract domain 0+ α, γ monotone, α(x) ≤ y ⇔ x ≤ γ(y), αγ(y) = y, γα(x) ≥ x γ(x) = W{ y ̨̨ ̨ α(y) ≤ x } def = α(x) and α(x) = V{ y ̨̨ ̨ x ≤ γ(y) } def = γ(x) Language-based Security: Abstract Non-Interferece – p.3/32 Abstract Interpretation Consider C = ℘(Z): [Cousot & Cousot’77] C A {0} {0,1,2,3,...} {0,!1,!2,!3,...} 0 0! {!2,!3} Abstract domain 0+Interpretation Consider C = ℘(Z): [Cousot & Cousot’77] C A {0} {0,1,2,3,...} {0,!1,!2,!3,...} 0 0! {!2,!3} Abstract domain 0+ γα monotone, γα(x) ≥ x, γα(γα(x)) = γα(x) ⇒ Upper closure operator. Language-based Security: Abstract Non-Interferece – p.3/32 Abstract Interpretation Consider the complete lattice < C,≤,∧,∨,⊥,$ >, Ai ∈ uco(C) Lattice of Abstract Domains ≡ Lattice uco A ≡ ρ(C) < uco(C),',(,), λx. $, λx. x >Interpretation Consider the complete lattice < C,≤,∧,∨,⊥,$ >, Ai ∈ uco(C) Lattice of Abstract Domains ≡ Lattice uco A ≡ ρ(C) < uco(C),',(,), λx. $, λx. x > Language-based Security: Abstract Non-Interferece – p.4/32 Abstract Interpretation Consider the complete lattice < C,≤,∧,∨,⊥,$ >, Ai ∈ uco(C) Lattice of Abstract Domains ≡ Lattice uco A ≡ ρ(C) < uco(C),',(,), λx. $, λx. x > A1 ' A2 ⇔ A2 ⊆ A1Interpretation Consider the complete lattice < C,≤,∧,∨,⊥,$ >, Ai ∈ uco(C) Lattice of Abstract Domains ≡ Lattice uco A ≡ ρ(C) < uco(C),',(,), λx. $, λx. x > A1 ' A2 ⇔ A2 ⊆ A1 Language-based Security: Abstract Non-Interferece – p.4/32 Abstract Interpretation Consider the complete lattice < C,≤,∧,∨,⊥,$ >, Ai ∈ uco(C) Lattice of Abstract Domains ≡ Lattice uco A ≡ ρ(C) < uco(C),',(,), λx. $, λx. x > A1 ' A2 ⇔ A2 ⊆ A1 (iAi = M(∪iAi)Interpretation Consider the complete lattice < C,≤,∧,∨,⊥,$ >, Ai ∈ uco(C) Lattice of Abstract Domains ≡ Lattice uco A ≡ ρ(C) < uco(C),',(,), λx. $, λx. x > A1 ' A2 ⇔ A2 ⊆ A1 (iAi = M(∪iAi) Language-based Security: Abstract Non-Interferece – p.4/32 Abstract Interpretation Consider the complete lattice < C,≤,∧,∨,⊥,$ >, Ai ∈ uco(C) Lattice of Abstract Domains ≡ Lattice uco A ≡ ρ(C) < uco(C),',(,), λx. $, λx. x > A1 ' A2 ⇔ A2 ⊆ A1 (iAi = M(∪iAi) )iAi = ∩iAiInterpretation Consider the complete lattice < C,≤,∧,∨,⊥,$ >, Ai ∈ uco(C) Lattice of Abstract Domains ≡ Lattice uco A ≡ ρ(C) < uco(C),',(,), λx. $, λx. x > A1 ' A2 ⇔ A2 ⊆ A1 (iAi = M(∪iAi) )iAi = ∩iAi Language-based Security: Abstract Non-Interferece – p.4/32 Abstract Interpretation Consider the complete lattice < C,≤,∧,∨,⊥,$ >, Ai ∈ uco(C) Lattice of Abstract Domains ≡ Lattice uco A ≡ ρ(C) < uco(C),',(,), λx. $, λx. x > A1 ' A2 ⇔ A2 ⊆ A1 (iAi = M(∪iAi) )iAi = ∩iAiInterpretation Consider the complete lattice < C,≤,∧,∨,⊥,$ >, Ai ∈ uco(C) Lattice of Abstract Domains ≡ Lattice uco A ≡ ρ(C) < uco(C),',(,), λx. $, λx. x > A1 ' A2 ⇔ A2 ⊆ A1 (iAi = M(∪iAi) )iAi = ∩iAi