An Isabelle/HOL Formalization of Declassification with WHAT&WHERE security

Authors: Sylvia Grewe, Alexander Lux, Heiko Mantel, Jens Sauer

Research in information-flow security aims at developing methods to identify undesired information leaks within programs from private sources to public sinks. Noninterference captures this intuition by requiring that no information whatsoever flows from private sources to public sinks. However, in practice this definition is often too strict: Depending on the intuitive desired security policy, the controlled declassification of certain private information (WHAT) at certain points in the program (WHERE) might not result in an undesired information leak.

We present an Isabelle/HOL formalization of such a security property for controlled declassification, namely WHAT&WHERE-security from [1]. The formalization includes compositionality proofs for and a soundness proof for a security type system that checks for programs in a simple while language with dynamic thread creation.

Our formalization of the security type system is abstract in the language for expressions and in the semantic side conditions for expressions. It can easily be instantiated with different syntactic approximations for these side conditions. The soundness proof of such an instantiation boils down to showing that these syntactic approximations imply the semantic side conditions.


You can download the complete Isabelle/HOL formalization here (WHATandWHERE-Security.tar.gz).
You can browse the HTML version of the Isabelle/HOL theory files here.

This work has also been accepted in the Isabelle/HOL Archive of Formal Proofs:
http://afp.sourceforge.net/entries/WHATandWHERE_Security.shtml

References

[1] Scheduler-Independent Declassification, A. Lux, H. Mantel, and M. Perner, In Proceedings of the 11th International Conference on Mathematics of Program Construction (MPC), 2012.

A A A | Print | Imprint | Sitemap | Contact
zum Seitenanfang