Abstract Interpretation to Check Secure Information Flow in Programs with Input-Output Security Annotations
Authors
Abstract
Abstract Interpretation to Check Secure Information Flow in Programs with Input-Output Security Annotations. N. De Francesco, L. Martini, Dipartimento di Ingegneria dell’Informazione, Università di Pisa. Formal Aspects of Security and Trust, Newcastle upon Tyne, 18-19 July 2005. Outline: Preliminaries; The Two Semantics; Examples; Summary.
Similar resources
A tool to check operational properties of Prolog programs with application to program construction and program optimization – Tool demonstration
We present a tool, based on abstract interpretation, that checks the correctness of an annotated Prolog program with respect to formal specifications of its procedures. Specifications describe operational properties such as mode, type, sharing, linearity, and size of input/output terms, occur-check freeness, conditions for sure success and failure, number of solutions to a call, including deter...
Using Standard Verifier to Check Secure Information Flow in Java Bytecode
When an applet is sent over the internet, Java Virtual Machine code is transmitted and remotely executed. Because untrusted code can be executed on the local computer running the web browser, security problems may arise. Here we present a method to check illicit flows in Java bytecode, that exploits the type-level abstract interpretation of bytecode verification. We present an algorithm transformi...
Combining Graph-Based and Deductive Information-Flow Analysis for Proving Non-Interference
Modern systems are getting more and more complex. This is especially crucial for security-critical systems, as with increasing complexity, also errors/bugs are more likely to occur. Information flow control (IFC) is a category of techniques for enforcing information flow properties and thus for ensuring that systems are secure. An approach that uses a combination of automatic and interactive tec...
JCSI: A tool for checking secure information flow in Java Card applications
This paper describes a tool for checking secure information flow in Java Card applications. The tool performs a static analysis of Java Card CAP files and includes a CAP viewer. The analysis is based on the theory of abstract interpretation and on a multi-level security policy assignment. Actual values of variables are abstracted into security levels, and bytecode instructions are executed over...
Verifying Weak Probabilistic Noninterference
Weak probabilistic noninterference is a security property for enforcing confidentiality in multi-threaded programs. It aims to guarantee secure flow of information in the program and ensure that sensitive information does not leak to attackers. In this paper, the problem of verifying weak probabilistic noninterference by leveraging formal methods, in particular algorithmic verification, is disc...
Journal title:
Volume, issue
Pages -
Publication date: 2005