Abstract interpretation-based approaches to Security - A Survey on Abstract Non-Interference and its Challenging Applications

@inproceedings{Mastroeni2013AbstractIA,
  title={Abstract interpretation-based approaches to Security - A Survey on Abstract Non-Interference and its Challenging Applications},
  author={Isabella Mastroeni},
  booktitle={Festschrift for Dave Schmidt},
  year={2013}
}
  • Published in Festschrift for Dave Schmidt 18 September 2013
In this paper we provide a survey on the framework of abstract non-interference. In particular, we describe a general formalization of abstract non-interference by means of three dimensions (observation, protection and semantics) that can be instantiated in order to obtain well known or even new weakened non-interference properties. Then, we show that the notions of abstract non-interference introduced in language-based security are instances of this more general framework which allows to… 

Abstract Non-Interference
Non-interference happens when some elements of a dynamic system do not interfere, i.e., do not affect, other elements in the same system. Originally introduced in language-based security,
Abstract Code Injection - A Semantic Approach Based on Abstract Non-Interference
TLDR
This paper provides a semantic-based model for code injection, parametric on what the programmer considers safe behaviors, and devises a mechanism for enforcing (abstract) code injection policies that soundly detects attacks, i.e., avoids false negatives.
Understanding and Enforcing Opacity
TLDR
A general framework for opacity is presented and its key differences and formal connections with such well-known information-flow models as non-interference, knowledge-based security, and declassification are explored.
Hypercollecting semantics and its application to static analysis of information flow
TLDR
A fixpoint characterisation of hypercollecting semantics, i.e. a "set of sets" transformer, is introduced to enable the use of Galois connections for static analysis of secure information flow within the framework of abstract interpretation.
Abstract Program Slicing
TLDR
In the present article, the notion of abstract program slicing is formally defined, a general form of program slicing where properties of data are considered instead of their exact value.
Flexible Information-Flow Control
TLDR
This thesis presents work on ensuring that information processed by computing systems is not disclosed to third parties without the user's permission; i.e. to prevent unwanted flows of information.
MIME - A Formal Approach for Multiple Investigation in (Android) Malware Emulation Analysis
TLDR
A new dynamic and configurable approach to anti-emulation malware analysis, aiming at improving the transparency of existing analysis techniques and providing an abstract non-interference-based approach that models the fact that parameters can be modified dynamically and the corresponding executions compared.
MIME: A Formal Approach to (Android) Emulation Malware Analysis
TLDR
This paper proposes a new dynamic and configurable approach to anti-emulation malware analysis, aiming at improving the transparency of existing analysis techniques and providing an abstract non-interference-based approach that models the fact that parameters can be modified dynamically and the corresponding executions compared.
Prudent Design Principles for Information Flow Control
TLDR
Six informal principles for designing information flow security definitions and enforcement mechanisms are put forward: attacker-driven security, trust-aware enforcement, separation of policy annotations and code, language-independence, justified abstraction, and permissiveness.
Analyzing program dependencies for malware detection
TLDR
This work proposes a higher-order theory for ANI, later called HOANI, that allows one to study program dependencies, and formalizes and studies the malware detection problem in terms of HOANI.

References

Showing 1-10 of 40 references
On the Rôle of Abstract Non-interference in Language-Based Security
TLDR
The role of the notion of Abstract Non-Interference in language based security is illustrated by explaining how it models both the weakening of attackers’ observational capability, and the declassification of private information.
The PER Model of Abstract Non-interference
TLDR
It is shown how abstract domain completeness can be used for enforcing the PER model of abstract non-interference, which allows us to derive unconstrained attacker models, which do not necessarily either observe all public information or ignore all private information.
A Proof System for Abstract Non-interference
TLDR
An inductive proof system is derived that allows us to characterize ANI properties inductively on the syntactic structure of programs and it is shown how this framework can be instantiated to language-based security.
A Per Model of Secure Information Flow in Sequential Programs
TLDR
The approach is inspired by (and in the deterministic case equivalent to) the use of partial equivalence relations in specifying binding-time analysis, and is thus able to specify security properties of higher-order functions and “partially confidential data”.
Adjoining classified and unclassified information by abstract interpretation
TLDR
It is proved that an adjoint relation exists between the power of the attacker and the amount of information released: the more the attacker can observe, the less information can be kept private.
Semantic-Based Code Obfuscation by Abstract Interpretation
TLDR
A general theory based on abstract interpretation is derived, where the potency of code obfuscation can be measured by comparing hidden properties in the lattice of abstract interpretations.
Modelling declassification policies using abstract domain completeness
TLDR
A three dimensional characterisation of a declassification-based non-interference policy and its consequences is explored, showing how the policy can be refined so that the least amount of confidential information required for making the program secure is declassified.
A semantic approach to secure information flow
Language-based information-flow security
TLDR
A structured view of research on information-flow security is given, particularly focusing on work that uses static program analysis to enforce information-flow policies, and some important open challenges are identified.
Obfuscation by partial evaluation of distorted interpreters
TLDR
This work presents a novel approach to automatically generating obfuscated code P2 from any program P whose source code is given; it is applied to code flattening, data-type obfuscation, and opaque predicate insertion.