12,112 research outputs found
Formal Verification of Security Protocol Implementations: A Survey
Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac
Safe abstractions of data encodings in formal security protocol models
When using formal methods, security protocols are usually modeled at a high level of abstraction. In particular, data encoding and decoding transformations are often abstracted away. However, if no assumptions at all are made on the behavior of such transformations, they could trivially lead to security faults, for example leaking secrets or breaking freshness by collapsing nonces into constants. In order to address this issue, this paper formally states sufficient conditions, checkable on sequential code, such that if an abstract protocol model is secure under a Dolev-Yao adversary, then a refined model, which takes into account a wide class of possible implementations of the encoding/decoding operations, is implied to be secure too under the same adversary model. The paper also indicates possible exploitations of this result in the context of methods based on formal model extraction from implementation code and of methods based on automated code generation from formally verified model
A Verified Information-Flow Architecture
SAFE is a clean-slate design for a highly secure computer system, with
pervasive mechanisms for tracking and limiting information flows. At the lowest
level, the SAFE hardware supports fine-grained programmable tags, with
efficient and flexible propagation and combination of tags as instructions are
executed. The operating system virtualizes these generic facilities to present
an information-flow abstract machine that allows user programs to label
sensitive data with rich confidentiality policies. We present a formal,
machine-checked model of the key hardware and software mechanisms used to
dynamically control information flow in SAFE and an end-to-end proof of
noninterference for this model.
We use a refinement proof methodology to propagate the noninterference
property of the abstract machine down to the concrete machine level. We use an
intermediate layer in the refinement chain that factors out the details of the
information-flow control policy and devise a code generator for compiling such
information-flow policies into low-level monitor code. Finally, we verify the
correctness of this generator using a dedicated Hoare logic that abstracts from
low-level machine instructions into a reusable set of verified structured code
generators
Combining behavioural types with security analysis
Today's software systems are highly distributed and interconnected, and they
increasingly rely on communication to achieve their goals; due to their
societal importance, security and trustworthiness are crucial aspects for the
correctness of these systems. Behavioural types, which extend data types by
describing also the structured behaviour of programs, are a widely studied
approach to the enforcement of correctness properties in communicating systems.
This paper offers a unified overview of proposals based on behavioural types
which are aimed at the analysis of security properties
ICT–supported reforms of service delivery in Flemish cities: testing the concept of 'information ecology'
This paper explores organizational reforms in Flemish cities related to making the cities’ individual service delivery more efficient, customer orientated, customer friendly and integrated. The paper is the first one of a recently started research project and PhD research about the complexity of managing ICT-supported change of ‘individual’ service delivery. The overall objective of this paper is to set the stage for the research project’s research design in terms of its theoretical framework. Therefore, we report about our first explorative, inductive and descriptive findings related to this type of change within one city. We firstly inductively report about the objectives and the objects of change. Secondly, we develop a provisional theoretical framework. We therefore take the notion of an information ecology as a conceptual starting point and use a combination of elements of neo-institutional theory, system theory and a political perspective on organizational development. In order to explore the potentialities of this approach, we test the framework’s value for understanding the changes within the city. The framework enabled us to describe and analyze this type of reforms without neglecting the complexity of these changes. It tries to link some important public administration theories to the study of the e-government phenomenon that is still an important challenge. The most important lesson is that further refinement of the conceptual framework is needed. Although the analysis shows that the framework offers a conceptual basis to analyze front and back office reforms within public organizations, it still lacks a full and straightforward operationalization of its components, constructs, relations, etc
A Cut Principle for Information Flow
We view a distributed system as a graph of active locations with
unidirectional channels between them, through which they pass messages. In this
context, the graph structure of a system constrains the propagation of
information through it.
Suppose a set of channels is a cut set between an information source and a
potential sink. We prove that, if there is no disclosure from the source to the
cut set, then there can be no disclosure to the sink. We introduce a new
formalization of partial disclosure, called *blur operators*, and show that the
same cut property is preserved for disclosure to within a blur operator. This
cut-blur property also implies a compositional principle, which ensures limited
disclosure for a class of systems that differ only beyond the cut.Comment: 31 page
- …