Skip to main content
SpringerLink
Log in
Book cover

Transactions on Computational Science X pp 261–297Cite as

A Weakest Precondition Approach to Robustness

  • Chapter

Part of the book series: Lecture Notes in Computer Science ((TCOMPUTATSCIE,volume 6340))

Abstract

With the increasing complexity of information management computer systems, security becomes a real concern. E-government, web-based financial transactions or military and health care information systems are only a few examples where large amount of information can reside on different hosts distributed worldwide. It is clear that any disclosure or corruption of confidential information in these contexts can result fatal. Information flow controls constitute an appealing and promising technology to protect both data confidentiality and data integrity. The certification of the security degree of a program that runs in untrusted environments still remains an open problem in the area of language-based security. Robustness asserts that an active attacker, who can modify program code in some fixed points (holes), is unable to disclose more private information than a passive attacker, who merely observes unclassified data. In this paper, we extend a method recently proposed for checking declassified non-interference in presence of passive attackers only, in order to check robustness by means of weakest precondition semantics. In particular, this semantics simulates the kind of analysis that can be performed by an attacker, i.e., from public output towards private input. The choice of semantics allows us to distinguish between different attacks models and to characterize the security of applications in different scenarios.

Our results are sound to address confidentiality and integrity of software running in untrusted environments where different actors can distrust one another. For instance, a web server can be attacked by a third party in order to steal a session cookie or hijack clients to a fake web page.

We would like to thank Mads Dam and anonymous referees for insightful suggestions and comments.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. http://www.owasp.org

  2. Balliu, M., Mastroeni, I.: A weakest precondition approach to active attacks analysis. In: PLAS, pp. 59–71 (2009)

    Google Scholar 

  3. Banerjee, A., Giacobazzi, R., Mastroeni, I.: What you lose is what you leak: Information leakage in declassification policies. In: Proc. of the 23th Internat. Symp. on Mathematical Foundations of Programming Semantics MFPS 2007. Electronic Notes in Theoretical Computer Science, vol. 1514. Elsevier, Amsterdam (2007)

    Google Scholar 

  4. Centenaro, M., Focardi, R., Luccio, F.L., Steel, G.: Type-based analysis of pin processing apis. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 53–68. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  5. Chong, S., Myers, A.C.: Decentralized robustness. In: Proc. the IEEE Computer Security Foundations Workshop (CSFW-19), Washington, DC, USA, pp. 242–256. IEEE Computer Society, Los Alamitos (2006)

    Chapter  Google Scholar 

  6. Chugh, R., Meister, J.A., Jhala, R., Lerner, S.: Staged information flow for javascript. In: PLDI, pp. 50–62 (2009)

    Google Scholar 

  7. Cohen, E.S.: Information transmission in sequential programs. In: DeMillo, et al. (eds.) Foundations of Secure Computation, pp. 297–335. Academic Press, New York (1978)

    Google Scholar 

  8. Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proc. of Conf. Record of the 4th ACM Symp. on Principles of Programming Languages POPL 1977, pp. 238–252. ACM Press, New York (1977)

    Google Scholar 

  9. Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: Proc. of Conf. Record of the 6th ACM Symp. on Principles of Programming Languages POPL 1979, pp. 269–282. ACM Press, New York (1979)

    Google Scholar 

  10. Danicic, S., Harman, M., Hierons, R., Howroyd, J., Laurence, M.: Applications of linear program schematology in dependence analysis. In: PLID (2004)

    Google Scholar 

  11. Dijkstra, E.W.: A discipline of programming. Series in automatic computation. Prentice Hall, Englewood Cliffs (1976)

    MATH  Google Scholar 

  12. Dijkstra, E.W.: Guarded commands, nondeterminism and formal derivation of programs. Comm. of The ACM 18(8), 453–457 (1975)

    Article  MATH  MathSciNet  Google Scholar 

  13. Goguen, J.A., Meseguer, J.: Security policies and security models. In: Proc. IEEE Symp. on Security and Privacy, pp. 11–20. IEEE Comp. Soc. Press, Los Alamitos (1982)

    Google Scholar 

  14. Gries, D.: The Science of Programming. Springer, Heidelberg (1981)

    MATH  Google Scholar 

  15. Hehner, E.C.R.: The Logic of Programming. In: Hoare, C.A.R. (ed.) Series in Computer Science. Prentice Hall, Englewood Cliffs (1984)

    Google Scholar 

  16. Rustan, K., Leino, M.: Efficient weakest preconditions. Inf. Process. Lett. 93(6), 281–288 (2005)

    Article  MATH  Google Scholar 

  17. Ingo Lutkebohle. Same origin policy for javascript

    Google Scholar 

  18. Mastroeni, I., Banerjee, A.: Modelling declassification policies using abstract domain completeness. Technical Report RR 61/2008, Department of Computer Science, University of Verona (May 2008)

    Google Scholar 

  19. Myers, A.C., Liskov, B.: Protecting privacy using the decentralized label model. ACM Trans. Softw. Eng. Methodol. 9(4), 410–442 (2000)

    Article  Google Scholar 

  20. Myers, A.C., Sabelfeld, A., Zdancewic, S.: Enforcing robust declassification. In: Proc. IEEE Symp. on Security and Privacy, pp. 21–34. IEEE Comp. Soc. Press, Los Alamitos (2004)

    Google Scholar 

  21. Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. on Selected Areas in Communications 21(1), 5–19 (2003)

    Article  Google Scholar 

  22. Sabelfeld, A., Sands, D.: Declassification: Dimensions and principles. J. of Computer Security (2007)

    Google Scholar 

  23. Vogt, P., Nentwich, F., Jovanovic, N., Kirda, E., Krügel, C., Vigna, G.: Cross site scripting prevention with dynamic data tainting and static analysis. In: NDSS (2007)

    Google Scholar 

  24. Winskel, G.: The formal semantics of programming languages: an introduction. MIT Press, Cambridge (1993)

    MATH  Google Scholar 

  25. Yao, A.C.-C.: Protocols for secure computations (extended abstract). In: FOCS, pp. 160–164 (1982)

    Google Scholar 

  26. Zdancewic, S., Myers, A.C.: Robust declassification. In: Proc. of the IEEE Computer Security Foundations Workshop, pp. 15–23. IEEE Comp. Soc. Press, Los Alamitos (2001)

    Chapter  Google Scholar 

  27. Zdancewic, S., Zheng, L., Nystrom, N., Myers, A.C.: Untrusted hosts and confidentiality: Secure program partitioning. In: SOSP, pp. 1–14 (2001)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science and Communication, Royal Institute of Technology, Stockholm, Sweden

    Musard Balliu

  2. Dipartimento di Informatica, Università di Verona, Strada Le Grazie 15, I-37134, Verona, Italy

    Isabella Mastroeni

Authors
  1. Musard Balliu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Isabella Mastroeni
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of Calgary, 2500 University Drive N.W., T2N 1N4, Calgary, AB, Canada

    Marina L. Gavrilova

  2. Exascala Ltd., Unit 9, 97 Rickman Drive, B15 2AL, Birmingham, UK

    C. J. Kenneth Tan

  3. DCOMP/UFS - Federal University of Sergipe, Aracaju, SE, Brazil

    Edward David Moreno

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Balliu, M., Mastroeni, I. (2010). A Weakest Precondition Approach to Robustness. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science X. Lecture Notes in Computer Science, vol 6340. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17499-5_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-17499-5_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17498-8

  • Online ISBN: 978-3-642-17499-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation