Secure Information Flow Analysis Using the PRISM Model Checker

被引：3

作者：

Noroozi, Ali A. ^{[1
]}

Salehi, Khayyam ^{[1
]}

Karimpour, Jaber ^{[1
]}

Isazadeh, Ayaz ^{[1
]}

机构：

[1] Univ Tabriz, Dept Comp Sci, Tabriz, Iran

来源：

INFORMATION SYSTEMS SECURITY (ICISS 2019) | 2019年 / 11952卷

关键词：

Information security; Secure information flow; Observational determinism; Markovian processes; PRISM-Leak; PROBABILISTIC NONINTERFERENCE; OBSERVATIONAL DETERMINISM; LEAKAGE;

D O I：

10.1007/978-3-030-36945-3_9

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Secure information flow checks whether sensitive information leak to public outputs of a program or not. It has been widely used to analyze the security of various programs and protocols and guarantee their confidentiality and robustness. In this paper, the problem of verifying secure information flow of concurrent probabilistic programs is discussed. Programs are modeled by Markovian processes and secure information flow is specified by observational determinism. Then, two algorithms are proposed to verify observational determinism in the Markovian model. The algorithms employ a trace-based approach to traverse the model and check for satisfiability of observational determinism. The proposed algorithms have been implemented into a tool called PRISM-Leak, which is constructed on the PRISM model checker. An anonymity protocol, the dining cryptographers, is discussed as a case study to show how PRISM-Leak can be used to evaluate the security of programs. The scalability of the tool is demonstrated by comparing it to the state-of-the-art information flow tools.

引用

页码：154 / 172

页数：19

共 50 条

[1] Quantitative Analysis With the Probabilistic Model Checker PRISM
Kwiatkowska, Marta
Norman, Gethin
Parker, David
[J]. ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2006, 153 (02) : 5 - 31
[2] Availability Analysis of Satellite Positioning Systems for Aviation using the PRISM Model Checker
Lu, Yu
Miller, Alice
Johnson, Chris
Peng, Zhaoguang
Zhao, Tingdi
[J]. 2014 IEEE 17TH INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE AND ENGINEERING (CSE), 2014, : 704 - 713
[3] PRISM: Probabilistic symbolic model checker
Kwiatkowska, M
Norman, G
Parker, D
[J]. COMPUTER PERFORMANCE EVALUATION: MODELLING TECHNIQUES AND TOOLS, 2002, 2324 : 200 - 204
[4] Family-based Model Checking using Probabilistic Model Checker PRISM
Kishi, Tomoji
[J]. PROCEEDINGS OF THE 2023 30TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE, APSEC 2023, 2023, : 376 - 385
[5] Using PRISM model checker as a validation tool for an analytical model of IEEE 802.15.4 networks
Kapus, Tatjana
[J]. SIMULATION MODELLING PRACTICE AND THEORY, 2017, 77 : 367 - 378
[6] Quantitative Verification of Beta Reputation System Using PRISM Probabilistic Model Checker
Bidgoly, Amir Jalaly
Ladani, Behrouz Tork
[J]. 2013 10TH INTERNATIONAL ISC CONFERENCE ON INFORMATION SECURITY AND CRYPTOLOGY (ISCISC), 2013,
[7] A Policy Model for Secure Information Flow
Adetoye, Adedayo O.
Badii, Atta
[J]. FOUNDATIONS AND APPLICATIONS OF SECURITY ANALYSIS, 2009, 5511 : 1 - 17
[8] Secure information sharing in social agent interactions using information flow analysis
Bijani, Shahriar
Robertson, David
Aspinall, David
[J]. ENGINEERING APPLICATIONS OF ARTIFICIAL INTELLIGENCE, 2018, 70 : 52 - 66
[9] Principles of secure information flow analysis
Smith, Geoffrey
[J]. Malware Detection, 2007, : 291 - 307
[10] An Extension For PRISM Model Checker To Reduce Computation Time For Steady State Probability Analysis
Ghosh, Debjani
Gautam, Satya Sankalp
Pandey, Mayank
[J]. 2020 INTERNATIONAL CONFERENCE ON INNOVATIVE TRENDS IN INFORMATION TECHNOLOGY (ICITIIT), 2020,

← 1 2 3 4 5 →