Static Security Certification of Programs via Dynamic Labelling

Sandip Ghosal, R. K. Shyamasundar, N. V. Narendra Kumar

Abstract

Programming languages are pivotal for building robust secure systems, and language-based security platforms are very much in demand for building secure systems. In this paper, we explore an approach for static security certification of a class of imperative programs using a hybrid of static and dynamic labelling via information flow control (IFC) models. First, we illustrate an analysis of some benchmark programs using static (or immutable) labelling approaches, and discuss possible labelling of the principals/subjects and objects using a combination of mutable and immutable labelling, and discuss their impact on the precision of the underlying certification. Then, we describe our approach of static certification of programs based on a combination of mutable and immutable (i.e., hybrid) labelling; our labelling generates labels from the given set of initial labels (some of which could be immutable) and the constraints require to be satisfied for a program to be information-flow secure as defined by Denning et. al.(Denning and Denning, 1977). Our labelling algorithm is shown to be sound with respect to non-interference, and we further establish the termination of the algorithm. Our proposed labelling approach is more security precise than the other labelling approaches in the literature. It may be pointed out that the labels are generated succinctly without unnecessarily blowing up the label space. As the method is not tied to any particular security model, it provides a sound basis for the security certification of programs for information-flow security. We compare the precision realizable by our approach with those in the literature. The comparison of our approach also brings to light an intrinsic property of our labelling algorithm that could be effectively used for non-deterministic or concurrent programs.

Download


Paper Citation


in Harvard Style

Ghosal S., K. Shyamasundar R. and V. Narendra Kumar N. (2018). Static Security Certification of Programs via Dynamic Labelling.In Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 1: SECRYPT, ISBN 978-989-758-319-3, pages 234-245. DOI: 10.5220/0006868602340245


in Bibtex Style

@conference{secrypt18,
author={Sandip Ghosal and R. K. Shyamasundar and N. V. Narendra Kumar},
title={Static Security Certification of Programs via Dynamic Labelling},
booktitle={Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 1: SECRYPT,},
year={2018},
pages={234-245},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006868602340245},
isbn={978-989-758-319-3},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 1: SECRYPT,
TI - Static Security Certification of Programs via Dynamic Labelling
SN - 978-989-758-319-3
AU - Ghosal S.
AU - K. Shyamasundar R.
AU - V. Narendra Kumar N.
PY - 2018
SP - 234
EP - 245
DO - 10.5220/0006868602340245