Title :
Runtime verification of declassification for imperative programs: Formal foundations
Author :
Demongeot, Thomas ; Mallet, Julien ; Traon, Yves Le
Author_Institution :
DGA/DET/CELAR, Bruz, France
Abstract :
Declassification is required for most programs which manipulate protected data to process their results. In highly-secure programs, the declassification decision must be taken explicitly, which means that data or operations which are being declassified are known. This decision is critical and must be supported by automated verifications, which determine the risk of information leakage related to a given declassification. Currently, the available techniques are based on static analysis, which perform an over-approximation of this risk. In this paper, we study how dynamic approaches can perform more precise analysis on what is declassified and where, and finally ensure the security property, which allows declassification, at runtime. The notion of dynamic analysis w.r.t. to non-leakage properties is studied from a theoretical point of view and this proof of concept is illustrated using a ¿While¿ language.
Keywords :
classification; formal verification; security of data; automated verification; declassification runtime verification; formal foundation; imperative program; information leakage; nonleakage property; static analysis; while language; Connectors; Data security; Information analysis; Information security; Interference; Performance analysis; Protection; Risk analysis; Runtime; Telecommunications; Information flow; declassification; dynamic analysis; noninterference; security policies;
Conference_Titel :
Risks and Security of Internet and Systems (CRiSIS), 2009 Fourth International Conference on
Conference_Location :
Toulouse
Print_ISBN :
978-1-4244-4498-4
Electronic_ISBN :
2151-4763
DOI :
10.1109/CRISIS.2009.5411980
