Many-to-Many Information Flow Policies

Information flow techniques typically classify information according to suitable security levels and enforce policies that are based on binary relations between individual levels, e.g., stating that information is allowed to flow from one level to another. We argue that some information flow properties of interest naturally require coordination patterns that involve sets of security levels rather than individual levels: some secret information could be safely disclosed to a set of confidential channels of incomparable security levels, with individual leaks considered instead illegal; a group of competing agencies might agree to disclose their secrets, with individual disclosures being undesired, etc. Motivated by this we propose a simple language for expressing information flow policies where the usual admitted flow relation between individual security levels is replaced by a relation between sets of security levels, thus allowing to capture coordinated flows of information. The flow of information is expressed in terms of causal dependencies and the satisfaction of a policy is defined with respect to an event structure that is assumed to capture the causal structure of system computations. We suggest applications to secret exchange protocols, program security and security architectures, and discuss the relation to classic notions of information flow control

Unwinding biological systems

Unwinding conditions have been fruitfully exploited in Information Flow Security to define persistent security properties. In this paper we investigate their meaning and possible uses in the analysis of biological systems. In particular, we elaborate on the notion of robustness and propose some instances of unwinding over the process algebra Bio-PEPA and over hybrid automata. We exploit such instances to analyse two case-studies: Neurospora crassa circadian system and Influenza kinetics models

Formal models and analysis of secure multicast in wired and wireless networks

The spreading of multicast technology enables the development of group communication and so dealing with digital streams becomes more and more common over the Internet. Given the flourishing of security threats, the distribution of streamed data must be equipped with sufficient security guarantees. To this aim, some architectures have been proposed, to supply the distribution of the stream with guarantees of, e.g., authenticity, integrity, and confidentiality of the digital contents. This paper shows a formal capability of capturing some features of secure multicast protocols. In particular, both the modeling and the analysis of some case studies are shown, starting from basic schemes for signing digital streams, passing through proto- cols dealing with packet loss and time-synchronization requirements, concluding with a secure distribution of a secret key. A process-algebraic framework will be exploited, equipped with schemata for analysing security properties and compositional principles for evaluating if a property is satisfied over a system with more than two components

CommCSL: Proving Information Flow Security for Concurrent Programs using Abstract Commutativity

Information flow security ensures that the secret data manipulated by a program does not influence its observable output. Proving information flow security is especially challenging for concurrent programs, where operations on secret data may influence the execution time of a thread and, thereby, the interleaving between different threads. Such internal timing channels may affect the observable outcome of a program even if an attacker does not observe execution times. Existing verification techniques for information flow security in concurrent programs attempt to prove that secret data does not influence the relative timing of threads. However, these techniques are often restrictive (for instance because they disallow branching on secret data) and make strong assumptions about the execution platform (ignoring caching, processor instructions with data-dependent runtime, and other common features that affect execution time). In this paper, we present a novel verification technique for secure information flow in concurrent programs that lifts these restrictions and does not make any assumptions about timing behavior. The key idea is to prove that all mutating operations performed on shared data commute, such that different thread interleavings do not influence its final value. Crucially, commutativity is required only for an abstraction of the shared data that contains the information that will be leaked to a public output. Abstract commutativity is satisfied by many more operations than standard commutativity, which makes our technique widely applicable. We formalize our technique in CommCSL, a relational concurrent separation logic with support for commutativity-based reasoning, and prove its soundness in Isabelle/HOL. We implemented CommCSL in HyperViper, an automated verifier based on the Viper verification infrastructure, and demonstrate its ability to verify challenging examples

Formal models and analysis of secure multicast in wired and wireless networks

The spreading of multicast technology enables the develop- ment of group communication and so, dealing with digital streams be- comes more and more common over the Internet. Given the flourishing of security threats, the distribution of streamed data must be equipped with sufficient security guarantees. To this aim, some architectures have been proposed in the last few years, to supply the distribution of the stream with guarantees of, e.g., authenticity, integrity and confidentiality of the digital contents. This paper shows a formal capability of captur- ing some features of secure multicast protocols. In particular, both the modeling and the analysis of some case studies are shown, starting from basic schemes for signing digital streams, passing through protocols deal- ing with packet loss and time-synchronization requirements, concluding with a secure distribution of a secret key. A process-algebraic framework will be exploited, equipped with schemata for analysing security proper- ties and compositional principles for evaluating if a property is satisfied over a system with more than two components

A formal component-based software engineering approach for developing trustworthy systems

Software systems are increasingly becoming ubiquitous, affecting the way we experience the world. Embedded software systems, especially those used in smart devices, have become an essential constituent of the technological infrastructure of modem societies. Such systems, in order to be trusted in society, must be proved to be trustworthy. Trustworthiness is a composite non-functional property that implies safety, timeliness, security, availability, and reliability. This thesis is a contribution to a rigorous development of systems in which trustworthiness property can be specified and formally verified. Developing trustworthy software systems that are complex and used by a large heterogenous population of users is a challenging task. The component-based software engineering (CBSE) paradigm can provide an effective solution to address these challenges. However, none of the current component-based approaches can be used as is, because all of them lack the essential requirements for constructing trustworthy systems. The three contributions made in this thesis are intended to add to the expressive power needed to raise CBSE practices to a rigorous level for constructing formally verifiable trustworthy systems. The first contribution of the thesis is a formal definition of the trustworthy component model. The trustworthiness quality attributes are introduced as first class structural elements. The behavior of a component is automatically generated as an extended timed automata. A model checking technique is used to verify the properties of trustworthiness. A composition theory that preserves the properties of trustworthiness in a composition is presented. Conventional software engineering development processes are not suitable either for developing component-based systems or for developing trustworthy systems. In order to develop a component-based trustworthy system, the development process must be reuse-oriented, component-oriented, and must integrate formal languages and rigorous methods in all phases of system life-cycle. The second contribution of the thesis is a software engineering process model that consists of several parallel tracks of activities including component development, component assessment, component reuse, and component-based system development. The central concern in all activities of this process is ensuring trustworthiness. The third and final contribution of the thesis is a development framework with a comprehensive set of tools supporting the spectrum of formal development activity from modeling to deployment. The proposed approach has been applied to several case studies in the domains of component-based development and safety-critical systems. The experience from the case studies confirms that the approach is suitable for developing large and complex trustworthy systems

Programming Languages and Systems

This open access book constitutes the proceedings of the 29th European Symposium on Programming, ESOP 2020, which was planned to take place in Dublin, Ireland, in April 2020, as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2020. The actual ETAPS 2020 meeting was postponed due to the Corona pandemic. The papers deal with fundamental issues in the specification, design, analysis, and implementation of programming languages and systems

Aspects of Modeling and Verifying Secure Procedures

Security protocols are specifications for exchanging messages on a possibly insecure network. They aim at achieving some security goals (eg authenticating the parties involved in a communication, or preserving confidentiality of certain messages) preventing some malicious party to achieve advantages for its own. Goals of security protocols are generally achieved through the use of cryptography, the art of writing in secret characters, not comprehensible to anyone but the sender and the intended recipient. There is however a branch, in the computer science community, that, among its wide field of activities, aims at studying possible attacks on secure procedures without breaking cryptography, eg by manipulating some of the exchanged messages. This is the formal methods community, with an eye for security. This thesis mainly investigates the formal modeling and analysis of security protocols, both with finite and non finite behaviour, both within a process-algebraic and an automata framework. Real life protocols for signing and protecting digital contents and for giving assurance about authentic correspondences will be specified by means of the above cited formalisms, and some of their properties will be verified by means of formal proofs and automated tools. The original contributions of this thesis are the following. Within the framework of a formal modeling and verification of security protocols, we have applied an automated tool to better understand some secure mechanisms for the delivery of electronic documents. This has given us a deep insight on revealing the effects of omitted (or even erroneously implemented) security checks. Furthermore, a formal framework for modeling and analysing secure multicast and wireless communication protocols has been proposed. The analysis is mostly based on some new compositional principles giving sufficient conditions for safely composing an arbitrary number of components within a unique system. Also, steps towards providing the Team Automata formalism (TA) with a framework for security analysis have been taken. Within the framework, we model and analyse integrity and privacy properties, contributing to testify the expressive power and modelling capabilities of TA