Abstract
We consider the problem of detecting covert channels within security-enforcing object-capability patterns. Traditional formalisms for reasoning about the security properties of object-capability patterns require one to be aware, a priori, of all possible mechanisms for covert information flow that might be present within a pattern, in order to detect covert channels within it. We show how the CSP process algebra, and its model-checker FDR, can be applied to overcome this limitation.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Murray, T., Lowe, G. (2010). Analysing the Information Flow Properties of Object-Capability Patterns. In: Degano, P., Guttman, J.D. (eds) Formal Aspects in Security and Trust. FAST 2009. Lecture Notes in Computer Science, vol 5983. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12459-4_7
DOI: https://doi.org/10.1007/978-3-642-12459-4_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12458-7
Online ISBN: 978-3-642-12459-4
eBook Packages: Computer Science (R0)