A New Enforcement on Declassification with Reachability Analysis

TL;DR

This paper introduces a novel automated verification method for enforcing declassification policies in language-based security, using reachability analysis and self-composition to improve precision over traditional type-based methods.

Contribution

It proposes a new security property for declassification and an enforcement approach based on reachability analysis with a self-composition technique.

Findings

More precise enforcement than type-based methods.

Automated verification reduces manual effort.

Effective modeling of declassified expressions.

Abstract

Language-based information flow security aims to decide whether an action-observable program can unintentionally leak confidential information if it has the authority to access confidential data. Recent concerns about declassification polices have provided many choices for practical intended information release, but more precise enforcement mechanism for these policies is insufficiently studied. In this paper, we propose a security property on the where-dimension of declassification and present an enforcement based on automated verification. The approach automatically transforms the abstract model with a variant of self-composition, and checks the reachability of illegal-flow state of the model after transformation. The self-composition is equipped with a store-match pattern to reduce the state space and to model the equivalence of declassified expressions in the premise of property. The evaluation shows that our approach is more precise than type-based enforcement.