Enforcing globally dependent flow policies in message-passing systems
Journal of Computer Languages (IF 2.2), Pub Date: 2019-06-05, DOI: 10.1016/j.cola.2019.100904
Ximeng Li, Flemming Nielson, Hanne Riis Nielson

The flow of information in a computing system is a crucial indicator of the security of the system. In a system of multiple message-passing processes, the flow of information can depend on the states of different processes. We devise a type-based verification technique for flow policies with such multi-process (global) dependencies, to provide confidentiality guarantees. In this technique, the confidentiality requirements for the presence and the content of messages are dealt with separately. We develop a pair of synergetic static analyses to over-approximate the potential sets of values of the variables depended upon by the flow policies – covering global value correspondence between the variables of different processes. We significantly improve the permissiveness of security typing by exploiting information about which variables are live, and by specializing the flow policies using the conditional expressions of branching and looping constructs. We prove the soundness of our verification technique, provide a proof-of-concept implementation of it, and illustrate its effectiveness on an example system where the flow of information depends on how the headers of the messages from different processes correlate.
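The following is an added illustration, not the paper's formal type system or its implementation. It is a toy static checker for a two-point lattice (L below H) over a tiny message-passing language, written to make three ideas from the abstract concrete: a channel's presence requirement and its content requirement are checked separately; a value-set analysis over-approximates the values of the header variables a policy depends on, across processes; and branch conditions specialise those value sets inside each branch, which is what makes the send in the then-branch of process A typable. Everything here is constructed: the variable labels, the channel `c`, the policy "HIGH content only when `hdrA == hdrB`", and the two example systems. Simplifications (assumptions of this example, not of the paper): variable names are unique across processes, values of other processes' variables are taken from a global union over all their assignments, an unbounded value set forces the most restrictive label, and the liveness-based improvement is not modelled.

```python
"""Toy checker for globally dependent flow policies (constructed example)."""
from itertools import product

LOW, HIGH = "L", "H"            # two-point security lattice, L below H
TOP = None                      # "any value": unknown / unbounded value set

def join(a, b):
    return HIGH if HIGH in (a, b) else LOW

def leq(a, b):
    return a == LOW or b == HIGH

def union(a, b):
    return TOP if a is TOP or b is TOP else a | b

# Constructed security environment: declared label of every variable.
LABELS = {"inA": LOW, "inB": LOW, "hdrA": LOW, "hdrB": LOW,
          "secret": HIGH, "pub": LOW, "key": HIGH}

def policy_c(hdrA, hdrB):
    """Content policy of channel c: HIGH data may flow only when the headers
    chosen by processes A and B correlate (here: are equal)."""
    return HIGH if hdrA == hdrB else LOW

# Presence label is fixed; content label depends on variables of two processes.
CHANNELS = {"c": {"presence": LOW, "content": policy_c, "vars": ("hdrA", "hdrB")}}

def vals_of(env, src):
    """Value set of an operand: a constant, or the current set of a variable."""
    if isinstance(src, str):
        v = env.get(src, TOP)
        return TOP if v is TOP else set(v)
    return {src}

def restrict(vals, const, negate):
    """Specialise a value set with the guard var == const (var != const if negate)."""
    if negate:
        return TOP if vals is TOP else vals - {const}
    return {const} if vals is TOP or const in vals else set()

def merge(e1, e2):
    return {v: union(e1.get(v, TOP), e2.get(v, TOP)) for v in set(e1) | set(e2)}

def analyse(block, env, pc, sends, seen):
    """Abstract interpretation of one block. env maps var -> value set.
    Every send is recorded as (channel, var, env snapshot, pc label); `seen`
    accumulates all values a variable may ever be assigned (global view)."""
    env = dict(env)
    for stmt in block:
        if stmt[0] == "assign":
            _, var, src = stmt
            env[var] = vals_of(env, src)
            seen[var] = union(seen.get(var, set()), env[var])
        elif stmt[0] == "if":
            _, (op, var, const), then_b, else_b = stmt
            pc2 = join(pc, LABELS[var])          # branching on var raises the pc
            outs = []
            for branch, negate in ((then_b, op == "neq"), (else_b, op == "eq")):
                benv = dict(env)
                benv[var] = restrict(env.get(var, TOP), const, negate)
                if benv[var] == set():           # branch unreachable: skip it
                    continue
                outs.append(analyse(branch, benv, pc2, sends, seen))
            if outs:
                env = outs[0] if len(outs) == 1 else merge(outs[0], outs[1])
        elif stmt[0] == "send":
            _, chan, var = stmt
            sends.append((chan, var, dict(env), pc))
    return env

def required_content_label(spec, local_env, seen):
    """Meet of the policy over every combination of values the policy variables
    may take: own-process values from the local snapshot (specialised by the
    enclosing branches), other processes' values from the global union.
    An unbounded set means the policy cannot be established: require LOW."""
    domains = []
    for pv in spec["vars"]:
        vals = local_env[pv] if pv in local_env else seen.get(pv, TOP)
        if vals is TOP:
            return LOW
        domains.append(sorted(vals))
    labels = {spec["content"](*combo) for combo in product(*domains)}
    return LOW if LOW in labels else HIGH

def check(processes):
    """Return the list of (process, channel, kind, label) violations."""
    sends, seen = {}, {}
    for name, block in processes.items():
        sends[name] = []
        analyse(block, {}, LOW, sends[name], seen)
    violations = []
    for name, lst in sends.items():
        for chan, var, env, pc in lst:
            spec = CHANNELS[chan]
            if not leq(pc, spec["presence"]):          # a send reveals the pc
                violations.append((name, chan, "presence", pc))
            have = join(pc, LABELS[var])
            need = required_content_label(spec, env, seen)
            if not leq(have, need):                    # payload vs. policy
                violations.append((name, chan, "content", have))
    return violations

# Constructed system: A forwards the secret only when its header is 7, and B
# always uses header 7, so in every reachable global state the headers agree.
SYSTEM_OK = {
    "A": [("assign", "hdrA", "inA"),
          ("if", ("eq", "hdrA", 7), [("send", "c", "secret")], [("send", "c", "pub")])],
    "B": [("assign", "hdrB", 7), ("send", "c", "pub")],
}

# Constructed system: B's header may be 7 or 9, so A's HIGH send can violate
# the policy; C leaks HIGH `key` through the mere presence of a public message.
SYSTEM_BAD = {
    "A": [("assign", "hdrA", 7), ("send", "c", "secret")],
    "B": [("if", ("eq", "inB", 0), [("assign", "hdrB", 7)], [("assign", "hdrB", 9)])],
    "C": [("if", ("eq", "key", 0), [("send", "c", "pub")], [])],
}

if __name__ == "__main__":
    print("OK system:", check(SYSTEM_OK))
    print("BAD system:", check(SYSTEM_BAD))
```

Removing the `if` in process A of `SYSTEM_OK` (sending `secret` unconditionally with `hdrA` unknown) is the quickest way to see what specialisation buys: the value set of `hdrA` is then unbounded at the send, the policy cannot be established, and the checker reports a content violation.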




Updated: 2019-06-05