67 research outputs found

    Composition and Declassification in Possibilistic Information Flow Security

    Formal methods for security can rule out whole classes of security vulnerabilities, but applying them in practice remains challenging. This thesis develops formal verification techniques for information flow security that combine the expressivity and scalability strengths of existing frameworks. It builds upon Bounded Deducibility (BD) Security, which allows specifying and verifying fine-grained policies about what information may flow when to whom. Our main technical result is a compositionality theorem for BD Security, providing scalability by allowing us to verify security properties of a large system by verifying smaller components. Its practical utility is illustrated by a case study of verifying confidentiality properties of a distributed social media platform. Moreover, we discuss its use for the modular development of secure workflow systems, and for the security-preserving enforcement of safety and security properties other than information flow control.

    CoSMed: a confidentiality-verified social media platform

    This paper describes progress with our agenda of formal verification of information flow security for realistic systems. We present CoSMed, a social media platform with verified document confidentiality. The system’s kernel is implemented and verified in the proof assistant Isabelle/HOL. For verification, we employ the framework of Bounded-Deducibility (BD) Security, previously introduced for the conference system CoCon. CoSMed is a second major case study in this framework. For CoSMed, the static topology of declassification bounds and triggers that characterized previous instances of BD Security has to give way to a dynamic integration of the triggers as part of the bounds. We also show that, from a theoretical viewpoint, the removal of triggers from the notion of BD Security does not restrict its expressiveness.

    CoSMeDis: a distributed social media platform with formally verified confidentiality guarantees

    We present the design, implementation and information flow verification of CoSMeDis, a distributed social media platform. The system consists of an arbitrary number of communicating nodes, deployable at different locations over the Internet. Its registered users can post content and establish intra-node and inter-node friendships, used to regulate access control over the posts. The system’s kernel has been verified in the proof assistant Isabelle/HOL and automatically extracted as Scala code. We formalized a framework for composing a class of information flow security guarantees in a distributed system, applicable to input/output automata. We instantiated this framework to confidentiality properties for CoSMeDis’s sources of information: posts, friendship requests, and friendship status.

    Dimensional accuracy of Electron Beam Melting (EBM) additive manufacture with regard to weight optimized truss structures

    The Electron Beam Melting (EBM) additive manufacturing process is well suited to fabricating complex structural designs in Ti–6Al–4V because of the design freedoms it offers combined with strong and consistent material properties. However, it has been observed that complications may arise when manufacturing truss-like structures (such as those produced via structural topology optimization) in the form of undersized features on the finished part. The issue appears to affect truss members that are not aligned with the vertical build direction, with an apparent lack of material on the negative surfaces. This effect appears to worsen with a greater angle between the truss member and the build direction, even with the use of support structures. This investigation has characterized and measured the dimensional errors that result from this issue through 3D scanning techniques. Process modifications have then been made which result in significant improvements in dimensional accuracy. This investigation highlights the importance of heat management at features with negative surfaces to yield parts that are dimensionally accurate without introducing excessive internal melt defects in the form of voids and porosity.

    RIFL 1.1: A Common Specification Language for Information-Flow Requirements

    The RS³ Information-Flow Specification Language (RIFL) is a policy language for information-flow security. RIFL originated from the need for a common language for specifying security requirements within the DFG priority program Reliably Secure Software Systems (RS³) (http://www.spp-rs3.de). In this report, we present the syntax and informal semantics of RIFL 1.1, the most recent version of RIFL. At this point in time, RIFL is supported by four tools for information-flow analysis. We believe that RIFL can also be useful as a policy language for further tools, and we encourage its adoption and extension by the community.

    Microstructural characterisation of a nickel alloy processed via blown powder direct laser deposition (DLD)

    A three-dimensional structure of varying wall thickness has been manufactured from an alloy similar to 718 and subjected to metallographic characterisation. The technique is evaluated as a process capable of generating complex geometries. This can be used to add features or as a free form fabrication method. However, in order to allow for comparison to structures developed through more traditional techniques, detailed microstructural characterisation has been undertaken to attempt to understand the potential effect of variation on resultant mechanical properties. Samples were extracted from six locations with different wall thicknesses, intricate features and intersecting ligament geometry. A γ″ linearly arrayed structure within a γ matrix was consistent throughout the component. Micro-porosity was restricted to isolated, spherical pores < 1 μm in diameter. Electron back-scatter diffraction and X-ray computed microtomography quantitative microstructural analysis techniques have been utilized to assess the influence of layering upon microporosity, patternation and grain structure. A detailed comparison is also made between blown powder Direct Layer Deposition (DLD) and a similar deposition technique, shaped metal deposition (SMD). Blown powder DLD produces a smaller weld pool and results in a more consistent microstructure than SMD, with less evidence of unfavourable phases brought about by prolonged exposure to high temperatures. The improved microstructure, however, must be measured against the different process economics of the blown powder DLD technique.