超属性的灰盒运行时强制

IF 0.5 4区计算机科学 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS

Acta Informatica Pub Date : 2025-08-09 DOI:10.1007/s00236-025-00502-1

Tzu-Han Hsu, Ana Oliveira da Costa, Andrew Wintenberg, Ezio Bartocci, Borzoo Bonakdarpour

{"title":"超属性的灰盒运行时强制","authors":"Tzu-Han Hsu, Ana Oliveira da Costa, Andrew Wintenberg, Ezio Bartocci, Borzoo Bonakdarpour","doi":"10.1007/s00236-025-00502-1","DOIUrl":null,"url":null,"abstract":"<div>Enforcement of information-flow policies has been extensively studied by language-based approaches over the past few decades. In this paper, we propose an alternative, novel, general, and effective approach using enforcement of hyperproperties– a powerful formalism for expressing and reasoning about a wide range of information-flow security policies. We study black- vs. gray- vs. white-box enforcement of hyperproperties expressed by nondeterministic finite-word hyperautomata (NFH), where the enforcer has null, some, or complete information about the implementation of the system under scrutiny. Given an NFH, in order to generate a runtime enforcer, we reduce the problem to controller synthesis for hyperproperties and subsequently to the satisfiability problem for quantified Boolean formulas (QBFs). The resulting enforcers are transferable with low-overhead. We conduct a rich set of case studies, including information-flow control for JavaScript code, as well as synthesizing obfuscators for control plants.</div>","PeriodicalId":7189,"journal":{"name":"Acta Informatica","volume":"62 3","pages":""},"PeriodicalIF":0.5000,"publicationDate":"2025-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://link.springer.com/content/pdf/10.1007/s00236-025-00502-1.pdf","citationCount":"0","resultStr":"{\"title\":\"Gray-box runtime enforcement of hyperproperties\",\"authors\":\"Tzu-Han Hsu, Ana Oliveira da Costa, Andrew Wintenberg, Ezio Bartocci, Borzoo Bonakdarpour\",\"doi\":\"10.1007/s00236-025-00502-1\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div>Enforcement of information-flow policies has been extensively studied by language-based approaches over the past few decades. In this paper, we propose an alternative, novel, general, and effective approach using enforcement of hyperproperties– a powerful formalism for expressing and reasoning about a wide range of information-flow security policies. We study black- vs. gray- vs. white-box enforcement of hyperproperties expressed by nondeterministic finite-word hyperautomata (NFH), where the enforcer has null, some, or complete information about the implementation of the system under scrutiny. Given an NFH, in order to generate a runtime enforcer, we reduce the problem to controller synthesis for hyperproperties and subsequently to the satisfiability problem for quantified Boolean formulas (QBFs). The resulting enforcers are transferable with low-overhead. We conduct a rich set of case studies, including information-flow control for JavaScript code, as well as synthesizing obfuscators for control plants.</div>\",\"PeriodicalId\":7189,\"journal\":{\"name\":\"Acta Informatica\",\"volume\":\"62 3\",\"pages\":\"\"},\"PeriodicalIF\":0.5000,\"publicationDate\":\"2025-08-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://link.springer.com/content/pdf/10.1007/s00236-025-00502-1.pdf\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Acta Informatica\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://link.springer.com/article/10.1007/s00236-025-00502-1\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Acta Informatica","FirstCategoryId":"94","ListUrlMain":"https://link.springer.com/article/10.1007/s00236-025-00502-1","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

在过去的几十年里，信息流策略的实施已经通过基于语言的方法得到了广泛的研究。在本文中，我们提出了一种可选的、新颖的、通用的和有效的方法，该方法使用了超特性的实施——一种用于表达和推理广泛的信息流安全策略的强大形式。我们研究由非确定性有限词超自动机（NFH）表达的超特性的黑盒、灰盒和白盒强制执行，其中强制执行器具有关于被审查的系统实现的null、一些或完整的信息。给定一个NFH，为了生成一个运行时强制器，我们将问题简化为超属性的控制器综合，然后将问题简化为量化布尔公式（QBFs）的可满足性问题。由此产生的执行者可以低开销地转移。我们进行了丰富的案例研究，包括JavaScript代码的信息流控制，以及控制工厂的合成混淆器。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Gray-box runtime enforcement of hyperproperties

Enforcement of information-flow policies has been extensively studied by language-based approaches over the past few decades. In this paper, we propose an alternative, novel, general, and effective approach using enforcement of hyperproperties– a powerful formalism for expressing and reasoning about a wide range of information-flow security policies. We study black- vs. gray- vs. white-box enforcement of hyperproperties expressed by nondeterministic finite-word hyperautomata (NFH), where the enforcer has null, some, or complete information about the implementation of the system under scrutiny. Given an NFH, in order to generate a runtime enforcer, we reduce the problem to controller synthesis for hyperproperties and subsequently to the satisfiability problem for quantified Boolean formulas (QBFs). The resulting enforcers are transferable with low-overhead. We conduct a rich set of case studies, including information-flow control for JavaScript code, as well as synthesizing obfuscators for control plants.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Acta Informatica 工程技术-计算机：信息系统

CiteScore

2.40

自引率

16.70%

发文量

审稿时长

>12 weeks

期刊介绍： Acta Informatica provides international dissemination of articles on formal methods for the design and analysis of programs, computing systems and information structures, as well as related fields of Theoretical Computer Science such as Automata Theory, Logic in Computer Science, and Algorithmics. Topics of interest include: • semantics of programming languages • models and modeling languages for concurrent, distributed, reactive and mobile systems • models and modeling languages for timed, hybrid and probabilistic systems • specification, program analysis and verification • model checking and theorem proving • modal, temporal, first- and higher-order logics, and their variants • constraint logic, SAT/SMT-solving techniques • theoretical aspects of databases, semi-structured data and finite model theory • theoretical aspects of artificial intelligence, knowledge representation, description logic • automata theory, formal languages, term and graph rewriting • game-based models, synthesis • type theory, typed calculi • algebraic, coalgebraic and categorical methods • formal aspects of performance, dependability and reliability analysis • foundations of information and network security • parallel, distributed and randomized algorithms • design and analysis of algorithms • foundations of network and communication protocols.