Specification and checking of software contracts for conditional information flow

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5014 LNCS, Issue , 2008, Pages 229-245

  Amtoft, Torben ^a   Hatcliff, John ^a   Rodríguez, Edwin ^a   Robby, ^a   Hoag, Jonathan ^a   Greve, David ^b  

^a KANSAS STATE UNIVERSITY   (United States)

^b ROCKWELL COLLINS   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AIRCRAFT LANDING SYSTEMS; CONTRACTS; ELECTRIC SPARKS; FORMAL LOGIC; SPECIFICATIONS;

HEIDELBERG (CO); INFORMATION ASSURANCE (IA); INFORMATION FLOW POLICIES; INFORMATION FLOWS; INTERNATIONAL SYMPOSIUM; MULTI LEVEL (ML); SOFTWARE CONTRACTS; SPECIFICATION AND VERIFICATION; SYSTEM COMPONENTS;

FORMAL METHODS;

EID: 47249138713     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-68237-0_17     Document Type: Conference Paper

References (27)

1. Amtoft, T., Bandhakavi, S., Banerjee, A.: A logic for information flow in object-oriented programs. In: 33rd Principles of Programming Languages (POPL), pp. 91-102 (2006)
2. Amtoft, T., Banerjee, A.: Information Flow Analysis in Logical Form. In: Giacobazzi, R. (ed.) SAS 2004. LNCS, vol. 3148, pp. 100-115. Springer, Heidelberg (2004)
3. Amtoft, T., Banerjee, A.: A logic for information flow analysis with an application to forward slicing of simple imperative programs. Science of Comp. Prog. 64(1), 3-28 (2007)
4. Amtoft, T., Banerjee, A.: Verification condition generation for conditional information flow. In: 5th ACM Workshop on Formal Methods in Security Engineering (FMSE), pp. 2-11 (2007); A long version, with proofs, appears as technical report KSU CIS TR 2007-2
5. Amtoft, T., Hatcliff, J., Rodriguez, E., Robby, Hoag, J., Greve, D.: Specification and checking of software contracts for conditional information flow (extended version). Technical Report SAnToS-TR2007-5, KSU CIS (2007), http://www.sireum.org
6. Banerjee, A., Naumann, D.A.: Stack-based access control and secure information flow. Journal of Functional Programming 2(15), 131-177 (2005)
7. Barnes, J.: High Integrity Software - the SPARK Approach to Safety and Security. Addison-Wesley, Reading (2003)
8. Barthe, G., D'Argenio, P., Rezk, T.: Secure information flow by self-composition. In: Foccardi, R. (ed.) CSFW 2004, pp. 100-114. IEEE Press, Los Alamitos (2004)
9. Bergeretti, J.-F., Carré, B.A.: Information-flow and data-flow analysis of while-programs. ACM TOPLAS 7(1), 37-61 (1985)
10. Chapman, R., Hilton, A.: Enforcing security and safety models with an information flow analysis tool. In: SIGAda 2004, Atlanta, Georgia, November 2004, pp. 39-46. ACM, New York (2004)
11. Darvas, A., Hähnle, R., Sands, D.: A theorem proving approach to analysis of secure information flow. In: Hutter, D., Ullmann, M. (eds.) SPC 2005. LNCS, vol. 3450, pp. 193-209. Springer, Heidelberg (2005)
12. Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Symposium on Security and Privacy, pp. 11-20 (1982)
13. Greve, D., Wilding, M., Vanfleet, W.M.: A separation kernel formal security policy. In: 4th International Workshop on the ACL2 Prover and its Applications (ACL2-2003) (2003)
14. Heitmeyer, C.L., Archer, M., Leonard, E.I., McLean, J.: Formal specification and verification of data separation in a separation kernel for an embedded system. In: 13th ACM Conference on Computer and Communications Security (CCS 2006), pp. 346-355 (2006)
15. Jackson, D., Thomas, M., Millett, L.I. (eds.): Software for Dependable Systems: Sufficient Evidence? National Academies Press, Washington (2007); Committee on Certifiably Dependable Software Systems, National Research Council
16. Kaufmann, M., Manolios, P., Moore, J.S.: Computer-Aided Reasoning: An Approach. Kluwer Academic Publishers, Dordrecht (2000)
17. Myers, A.C.: JFlow: Practical mostly-static information flow control. In: POPL 1999, San Antonio, Texas, pp. 228-241. ACM Press, New York (1999)
18. Naumann, J.D.A.: From Coupling Relations to Mated Invariants for Checking Information Flow. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 279-296. Springer, Heidelberg (2006)
19. Owre, S., Rushby, J.M., Shankar, N.: PVS: A prototype verification system. In: Kapur, D. (ed.) CADE 1992. LNCS, vol. 607, Springer, Heidelberg (1992)
20. Rossebo, B., Oman, P., Alves-Foss, J., Blue, R., Jaszkowiak, P.: Using SPARK-Ada to model and verify a MILS message router. In: Proceedings of the International Symposium on Secure Software Engineering (2006)
21. Rushby, J.: The design and verification of secure systems. In: 8th ACM Symposium on Operating Systems Principles, vol. 15(5), pp. 12-21 (1981)
22. Simonet, V.: Flow Caml in a nutshell. In: Hutton, G. (ed.) First APPSEM-II workshop, March 2003, pp. 152-165 (2003)
23. Snelting, G., Robschink, T., Krinke, J.: Efficient path conditions in dependence graphs for software safety analysis. ACM TOSEM 15(4), 410-457 (2006)
24. Terauchi, T., Aiken, A.: Secure information flow as a safety problem. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, pp. 352-367. Springer, Heidelberg (2005)
25. Vanfleet, M., Luke, J., Beckwith, R.W., Taylor, C., Calloni, B., Uchenick, G.: MILS: Architecture for high-assurance embedded computing. CrossTalk: The Journal of Defense Software Engineering (August 2005)
26. Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. Journal of Computer Security 4(3), 167-188 (1996)
27. Sireum website, http://www.sireum.org