Enforcing Generalized Refinement-Based Noninterference for Secure Interface Composition

Cong Sun, Ning Xi, Jianfeng Ma
2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC), pp. 586-595. Published 2017-07-01. DOI: 10.1109/COMPSAC.2017.118 (https://doi.org/10.1109/COMPSAC.2017.118).
Citation count: 2

Abstract

Information flow security has been considered a critical requirement for complex component-based software. Recent efforts on compositional information flow analysis have been limited in the expressiveness of the security lattice and in the efficiency of compositional enforcement. Extending these approaches to support more general security lattices is usually nontrivial, because the compositionality of information flow security properties must be properly treated. In this work, we present a new extension of interface automata. On this interface structure, we propose two refinement-based security properties that are adaptable to any finite security lattice. For each property, we present and prove the security condition that ensures the property is preserved under composition. Furthermore, we implement the refinement algorithms and the decision procedure for the security condition. We demonstrate the usability and efficiency of our approach with in-depth case studies. The evaluation results show that our compositional enforcement can effectively reduce the verification cost compared with global verification on the composite system.