Formalizing non-interference for a simple bytecode language in Coq
In this paper, we describe the application of the interactive theorem prover Coq to the security analysis of bytecode as used in Java. We provide a generic specification and proof of non-interference for bytecode languages using the Coq module system. We illustrate the use of this formalization by applying it to a small subset of Java bytecode. The emphasis of the paper is on the modularity of a language formalization and of its analysis in a machine proof.
Statically checking confidentiality via dynamic labels
This paper presents a new approach for verifying confidentiality for programs, based on abstract interpretation. The framework is formally developed and proved correct in the theorem prover PVS. We use dynamic labeling functions to abstractly interpret a simple programming language via modification of the security levels of variables. Our approach is sound and compositional and results in an algorithm for statically checking confidentiality.
07091 Abstracts Collection -- Mobility, Ubiquity and Security
From 25.02.2007 to 02.03.2007, the Dagstuhl Seminar 07091 "Mobility, Ubiquity and Security" was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available.
A Concurrent Perspective on Smart Contracts
In this paper, we explore remarkable similarities between the multi-transactional behaviors of smart contracts in cryptocurrencies such as Ethereum and classical problems of shared-memory concurrency. We examine two real-world examples from the Ethereum blockchain and analyze how they are vulnerable to bugs that are closely reminiscent of those that often occur in traditional concurrent programs. We then elaborate on the relation between observable contract behaviors and well-studied concurrency topics, such as atomicity, interference, synchronization, and resource ownership. The described contracts-as-concurrent-objects analogy provides a deeper understanding of potential threats for smart contracts, indicates better engineering practices, and enables applications of existing state-of-the-art formal verification techniques.