A verified information-flow architecture

被引:9
|
作者
de Amorim, Arthur Azevedo [1 ]
Collins, Nathan [7 ]
DeHon, Andre [1 ]
Demange, Delphine [5 ]
Hritcu, Catalin [3 ]
Pichardie, David [6 ]
Pierce, Benjamin C. [1 ]
Pollack, Randy [4 ]
Tolmach, Andrew [2 ]
机构
[1] Univ Penn, Philadelphia, PA 19104 USA
[2] Portland State Univ, Portland, OR 97207 USA
[3] INRIA, Paris, France
[4] Harvard Univ, Boston, MA 02115 USA
[5] Univ Rennes 1, IRISA, Rennes, France
[6] ENS Rennes, IRISA, Rennes, France
[7] Galois Inc, Portland, OR USA
关键词
Security; clean-slate design; tagged architecture; information-flow control; formal verification; refinement;
D O I
10.3233/JCS-15784
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
SAFE is a clean-slate design for a highly secure computer system, with pervasive mechanisms for tracking and limiting information flows. At the lowest level, the SAFE hardware supports fine-grained programmable tags, with efficient and flexible propagation and combination of tags as instructions are executed. The operating system virtualizes these generic facilities to present an information-flow abstract machine that allows user programs to label sensitive data with rich confidentiality policies. We present a formal, machine-checked model of the key hardware and software mechanisms used to dynamically control information flow in SAFE and an end-to-end proof of noninterference for this model. We use a refinement proof methodology to propagate the noninterference property of the abstract machine down to the concrete machine level. We use an intermediate layer in the refinement chain that factors out the details of the information-flow control policy and devise a code generator for compiling such information-flow policies into low-level monitor code. Finally, we verify the correctness of this generator using a dedicated Hoare logic that abstracts from low-level machine instructions into a reusable set of verified structured code generators.
引用
收藏
页码:689 / 734
页数:46
相关论文
共 50 条
  • [41] THE INFORMATION-FLOW BETWEEN JAPAN AND EUROPE
    GALINSKI, C
    [J]. NACHRICHTEN FUR DOKUMENTATION, 1984, 35 (03): : 152 - 158
  • [42] Quantum information-flow, concretely, and axiomatically
    Coecke, B
    [J]. QUANTUM INFORMATICS 2004, 2004, 5833 : 15 - 29
  • [43] STRUCTURING AN INFORMATION-FLOW FOR AUTONOMOUS SYSTEMS
    SZCZERBICKI, E
    [J]. INTERNATIONAL JOURNAL OF SYSTEMS SCIENCE, 1991, 22 (12) : 2599 - 2609
  • [44] SECURITY INFORMATION-FLOW IN MULTIDIMENSIONAL ARRAYS
    KRAMER, SM
    SIDHU, DP
    [J]. IEEE TRANSACTIONS ON COMPUTERS, 1983, 32 (12) : 1188 - 1191
  • [45] STRUCTURE OF SCIENTIFIC INFORMATION-FLOW IN BIOLOGY
    LASTOVKA, EV
    [J]. NAUCHNO-TEKHNICHESKAYA INFORMATSIYA SERIYA 1-ORGANIZATSIYA I METODIKA INFORMATSIONNOI RABOTY, 1975, (11): : 15 - 20
  • [46] PIFT: Predictive information-flow tracking
    Yoon M.-K.
    Salajegheh N.
    Chen Y.
    Christodorescu M.
    [J]. 1600, Association for Computing Machinery (51): : 713 - 725
  • [47] INVESTIGATION OF THE INFORMATION-FLOW IN THE FIELD OF IMMUNOLOGY
    SHARABCHIEV, YT
    KOVSHAROVA, GG
    [J]. NAUCHNO-TEKHNICHESKAYA INFORMATSIYA SERIYA 1-ORGANIZATSIYA I METODIKA INFORMATSIONNOI RABOTY, 1982, (04): : 20 - 22
  • [48] INFORMATION-FLOW IN MODULAR FLOWSHEETING SYSTEMS
    METCALFE, SR
    PERKINS, JD
    [J]. TRANSACTIONS OF THE INSTITUTION OF CHEMICAL ENGINEERS, 1978, 56 (03): : 210 - 213
  • [49] INTERACTION OF INFORMATION-FLOW WITH CM SYSTEMS
    BHANDARI, N
    [J]. JOURNAL OF THE CONSTRUCTION DIVISION-ASCE, 1978, 104 (03): : 261 - 268
  • [50] CHARACTER AND THE STRUCTURE OF INFORMATION-FLOW IN BIOTECHNOLOGY
    ARSENOVA, I
    [J]. NAUCHNO-TEKHNICHESKAYA INFORMATSIYA SERIYA 1-ORGANIZATSIYA I METODIKA INFORMATSIONNOI RABOTY, 1990, (02): : 25 - &