9 research outputs found
A Cut Principle for Information Flow
We view a distributed system as a graph of active locations with
unidirectional channels between them, through which they pass messages. In this
context, the graph structure of a system constrains the propagation of
information through it.
Suppose a set of channels is a cut set between an information source and a
potential sink. We prove that, if there is no disclosure from the source to the
cut set, then there can be no disclosure to the sink. We introduce a new
formalization of partial disclosure, called *blur operators*, and show that the
same cut property is preserved for disclosure to within a blur operator. This
cut-blur property also implies a compositional principle, which ensures limited
disclosure for a class of systems that differ only beyond the cut.Comment: 31 page
Distributed Non-Interference
Information flow security properties were defined some years ago (see, e.g.,
the surveys \cite{FG01,Ry01}) in terms of suitable equivalence checking
problems. These definitions were provided by using sequential models of
computations (e.g., labeled transition systems \cite{GV15}), and interleaving
behavioral equivalences (e.g., bisimulation equivalence \cite{Mil89}). More
recently, the distributed model of Petri nets has been used to study
non-interference in \cite{BG03,BG09,BC15}, but also in these papers an
interleaving semantics was used. We argue that in order to capture all the
relevant information flows, truly-concurrent behavioral equivalences must be
used. In particular, we propose for Petri nets the distributed non-interference
property, called DNI, based on {\em branching place bisimilarity}
\cite{Gor21b}, which is a sensible, decidable equivalence for finite Petri nets
with silent moves. Then we focus our attention on the subclass of Petri nets
called {\em finite-state machines}, which can be represented (up to
isomorphism) by the simple process algebra CFM \cite{Gor17}. DNI is very easily
checkable on CFM processes, as it is compositional, so that it does does not
suffer from the state-space explosion problem. Moreover, we show that DNI can
be characterized syntactically on CFM by means of a type system
CoSMed: a confidentiality-verified social media platform
This paper describes progress with our agenda of formal verification of information flow security for realistic systems. We present CoSMed, a social media platform with verified document confidentiality. The system’s kernel is implemented and verified in the proof assistant Isabelle/HOL. For verification, we employ the framework of Bounded-De- ducibility (BD) Security, previously introduced for the conference system CoCon. CoSMed is a second major case study in this framework. For CoSMed, the static topology of declas- sification bounds and triggers that characterized previous instances of BD Security has to give way to a dynamic integration of the triggers as part of the bounds. We also show that, from a theoretical viewpoint, the removal of triggers from the notion of BD Security does not restrict its expressiveness
CoSMeDis: a distributed social media platform with formally verified confidentiality guarantees
We present the design, implementation and information flow verification of CoSMeDis, a distributed social media platform. The system consists of an arbitrary number of communicating nodes, deployable at different locations over the Internet. Its registered users can post content and establish intra-node and inter-node friendships, used to regulate access control over the posts. The system’s kernel has been verified in the proof assistant Isabelle/HOL and automatically extracted as Scala code. We formalized a framework for composing a class of information flow security guarantees in a distributed system, applicable to input/output automata. We instantiated this framework to confidentiality properties for CoSMeDis’s sources of information: posts, friendship requests, and friendship status
CoCon: A conference management system with formally verified document confidentiality
We present a case study in formally verified security for realistic systems: the information flow security verification of the functional kernel of a web application, the CoCon conference management system. We use the Isabelle theorem prover to specify and verify fine-grained confidentiality properties, as well as complementary safety and “traceback” properties. The challenges posed by this development in terms of expressiveness have led to bounded-deducibility security, a novel security model and verification method generally applicable to systems describable as input/output automata
CoSMeDis : a distributed social media platform with formally verified confidentiality guarantees
We present the design, implementation and information flow verification of CoSMeDis, a distributed social media platform. The system consists of an arbitrary number of communicating nodes, deployable at different locations over the Internet. Its registered users can post content and establish intra-node and inter-node friendships, used to regulate access control over the posts. The system's kernel has been verified in the proof assistant Isabelle/HOL and automatically extracted as Scala code. We formalized a framework for composing a class of information flow security guarantees in a distributed system, applicable to input/output automata. We instantiated this framework to confidentiality properties for CoSMeDis's sources of information: posts, friendship requests, and friendship status
Localizing Security for Distributed Firewalls
In complex networks, filters may be applied at different nodes to control how packets flow. In this paper, we study how to locate filtering functionality within a network. We show how to enforce a set of security goals while allowing maximal service subject to the security constraints. Our contributions include a way to specify security goals for how packets traverse the network and an algorithm to distribute filtering functionality to different nodes in the network to enforce a given set of security goals
CoSMed: A Confidentiality-Verified Social Media Platform
This paper describes progress with our agenda of formal verification of information flow security for realistic systems. We present CoSMed, a social media platform with verified document confidentiality. The system’s kernel is implemented and verified in the proof assistant Isabelle/HOL. For verification, we employ the framework of Bounded-Deducibility (BD) Security, previously introduced for the conference system CoCon. CoSMed is a second major case study in this framework. For CoSMed, the static topology of declassification bounds and triggers that characterized previous instances of BD Security has to give way to a dynamic integration of the triggers as part of the bounds. We also show that, from a theoretical viewpoint, the removal of triggers from the notion of BD Security does not restrict its expressiveness
CoCon: A conference management system with formally verified document confidentiality
We present a case study in formally verified security for realistic systems: the information flow security verification of the functional kernel of a web application, the CoCon conference management system. We use the Isabelle theorem prover to specify and verify fine-grained confidentiality properties, as well as complementary safety and “traceback” properties. The challenges posed by this development in terms of expressiveness have led to bounded-deducibility security, a novel security model and verification method generally applicable to systems describable as input/output automata