Title :
Compositional Information-Flow Security for Interactive Systems
Author :
Rafnsson, Willard ; Sabelfeld, Andrei
Author_Institution :
Chalmers Univ. of Technol., Gothenburg, Sweden
Abstract :
To achieve end-to-end security in a system built from parts, it is important to ensure that the composition of secure components is itself secure. This work investigates the compositionality of two popular conditions of possibilistic noninterference. The first condition, progress-insensitive noninterference (PINI), is the security condition enforced by practical tools like JSFlow, Paragon, sequential LIO, Jif, Flow Caml, and SPARK Examiner. We show that this condition is not preserved under fair parallel composition: composing a PINI system fairly with another PINI system can yield an insecure system. We explore constraints that allow recovering compositionality for PINI. Further, we develop a theory of compositional reasoning. In contrast to PINI, we show what PSNI behaves well under composition, with and without fairness assumptions. Our work is performed within a general framework for nondeterministic interactive systems.
Keywords :
interactive systems; security of data; Flow Caml; JSFlow; Jif; PINI system; Paragon; SPARK Examiner; compositional information-flow security; compositional reasoning; end-to-end security; nondeterministic interactive systems; parallel composition; possibilistic noninterference; progress-insensitive noninterference; sequential LIO; Cognition; Computational modeling; Interactive systems; Security; Semantics; Sensitivity; Synchronization;
Conference_Titel :
Computer Security Foundations Symposium (CSF), 2014 IEEE 27th
Conference_Location :
Vienna
DOI :
10.1109/CSF.2014.27
