Abstract
This paper proposes a formal framework for studying information flow security in component-based systems. The security policy is defined and verified from the early steps of the system design. Two kinds of non-interference properties are formally introduced, and for both of them sufficient conditions are proposed that ensure the property and simplify its automated verification. The verification is compositional: first locally, by checking the behavior of every atomic component, and then globally, by checking the communication and coordination between components. The potential benefits are illustrated on a concrete case study about constructing secure heterogeneous distributed systems.
The research leading to these results has received funding from the European Community’s Seventh Framework Programme [FP7/2007-2013] under grant agreement ICT-318772 (D-MILS).
© 2014 Springer-Verlag Berlin Heidelberg
Ben Said, N., Abdellatif, T., Bensalem, S., Bozga, M. (2014). Model-Driven Information Flow Security for Component-Based Systems. In: Bensalem, S., Lakhnech, Y., Legay, A. (eds) From Programs to Systems. The Systems Perspective in Computing. Lecture Notes in Computer Science, vol 8415. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54848-2_1
DOI: https://doi.org/10.1007/978-3-642-54848-2_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54847-5
Online ISBN: 978-3-642-54848-2