Verifying Information Flow Control Over Unbounded Processes

Executive Summary

Decentralized Information Flow Control (DIFC) systems enable programmers to express a desired DIFC policy, and to have the policy enforced via a reference monitor that restricts interactions between system objects, such as processes and files. Past research on DIFC systems focused on the reference-monitor implementation, and assumed that the desired DIFC policy is correctly specified. The focus of this paper is an automatic technique to verify that an application, plus its calls to DIFC primitives, does indeed correctly implement a desired policy. The authors present an abstraction that allows a model checker to reason soundly about DIFC programs that manipulate potentially unbounded sets of processes, principals, and communication channels. They implemented the approach and evaluated it on a set of real-world programs.

  • Format: PDF
  • Size: 342.75 KB