基于安全属性的控制流验证

Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344) Pub Date : 1999-05-14 DOI:10.1109/SECPRI.1999.766902

T. Jensen, D. Métayer, Tommy Thorn

{"title":"基于安全属性的控制流验证","authors":"T. Jensen, D. Métayer, Tommy Thorn","doi":"10.1109/SECPRI.1999.766902","DOIUrl":null,"url":null,"abstract":"A fundamental problem in software based security is whether local security checks inserted into the code are sufficient to implement a global security property. We introduce a formalism based on a two-level linear time temporal logic for specifying global security properties pertaining to the control flow of the program, and illustrate its expressive power with a number of existing properties. We define a minimalistic, security dedicated program model that only contains procedure call and run time security checks and propose an automatic method for verifying that an implementation using local security checks satisfies a global security property. For a given formula in the temporal logic, we prove that there exists a bound on the size of the states that have to be considered in order to assure the validity of the formula: this reduces the problem to finite state model checking. Finally, we instantiate the framework to the security architecture proposed for Java (JDK 1.2).","PeriodicalId":204019,"journal":{"name":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1999-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"141","resultStr":"{\"title\":\"Verification of control flow based security properties\",\"authors\":\"T. Jensen, D. Métayer, Tommy Thorn\",\"doi\":\"10.1109/SECPRI.1999.766902\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A fundamental problem in software based security is whether local security checks inserted into the code are sufficient to implement a global security property. We introduce a formalism based on a two-level linear time temporal logic for specifying global security properties pertaining to the control flow of the program, and illustrate its expressive power with a number of existing properties. We define a minimalistic, security dedicated program model that only contains procedure call and run time security checks and propose an automatic method for verifying that an implementation using local security checks satisfies a global security property. For a given formula in the temporal logic, we prove that there exists a bound on the size of the states that have to be considered in order to assure the validity of the formula: this reduces the problem to finite state model checking. Finally, we instantiate the framework to the security architecture proposed for Java (JDK 1.2).\",\"PeriodicalId\":204019,\"journal\":{\"name\":\"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1999-05-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"141\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SECPRI.1999.766902\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECPRI.1999.766902","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 141

摘要

基于软件的安全性中的一个基本问题是，插入到代码中的本地安全检查是否足以实现全局安全属性。我们介绍了一种基于两级线性时间时间逻辑的形式，用于指定与程序控制流相关的全局安全属性，并通过一些现有属性说明其表达能力。我们定义了一个极简的、安全专用的程序模型，它只包含过程调用和运行时安全检查，并提出了一种自动方法，用于验证使用本地安全检查的实现是否满足全局安全属性。对于时间逻辑中给定的公式，我们证明了为了保证公式的有效性而必须考虑的状态的大小存在一个界限:这将问题简化为有限状态模型检查。最后，我们将该框架实例化为针对Java (JDK 1.2)提出的安全体系结构。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Verification of control flow based security properties

A fundamental problem in software based security is whether local security checks inserted into the code are sufficient to implement a global security property. We introduce a formalism based on a two-level linear time temporal logic for specifying global security properties pertaining to the control flow of the program, and illustrate its expressive power with a number of existing properties. We define a minimalistic, security dedicated program model that only contains procedure call and run time security checks and propose an automatic method for verifying that an implementation using local security checks satisfies a global security property. For a given formula in the temporal logic, we prove that there exists a bound on the size of the states that have to be considered in order to assure the validity of the formula: this reduces the problem to finite state model checking. Finally, we instantiate the framework to the security architecture proposed for Java (JDK 1.2).

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)

自引率

0.00%

发文量