NexTech 2021 Congress
October 03, 2021 to October 07, 2021 - Barcelona, Spain

  • UBICOMM 2021, The Fifteenth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies
  • ADVCOMP 2021, The Fifteenth International Conference on Advanced Engineering Computing and Applications in Sciences
  • SEMAPRO 2021, The Fifteenth International Conference on Advances in Semantic Processing
  • AMBIENT 2021, The Eleventh International Conference on Ambient Computing, Applications, Services and Technologies
  • EMERGING 2021, The Thirteenth International Conference on Emerging Networks and Systems Intelligence
  • DATA ANALYTICS 2021, The Tenth International Conference on Data Analytics
  • GLOBAL HEALTH 2021, The Tenth International Conference on Global Health Challenges
  • CYBER 2021, The Sixth International Conference on Cyber-Technologies and Cyber-Systems

SoftNet 2021 Congress
October 03, 2021 to October 07, 2021 - Barcelona, Spain

  • ICSEA 2021, The Sixteenth International Conference on Software Engineering Advances
  • ICSNC 2021, The Sixteenth International Conference on Systems and Networks Communications
  • CENTRIC 2021, The Fourteenth International Conference on Advances in Human-oriented and Personalized Mechanisms, Technologies, and Services
  • VALID 2021, The Thirteenth International Conference on Advances in System Testing and Validation Lifecycle
  • SIMUL 2021, The Thirteenth International Conference on Advances in System Simulation
  • SOTICS 2021, The Eleventh International Conference on Social Media Technologies, Communication, and Informatics
  • INNOV 2021, The Tenth International Conference on Communications, Computation, Networks and Technologies
  • HEALTHINFO 2021, The Sixth International Conference on Informatics and Assistive Technologies for Health-Care, Medical Support and Wellbeing

NetWare 2021 Congress
November 14, 2021 to November 18, 2021 - Athens, Greece

  • SENSORCOMM 2021, The Fifteenth International Conference on Sensor Technologies and Applications
  • SENSORDEVICES 2021, The Twelfth International Conference on Sensor Device Technologies and Applications
  • SECURWARE 2021, The Fifteenth International Conference on Emerging Security Information, Systems and Technologies
  • AFIN 2021, The Thirteenth International Conference on Advances in Future Internet
  • CENICS 2021, The Fourteenth International Conference on Advances in Circuits, Electronics and Micro-electronics
  • ICQNM 2021, The Fifteenth International Conference on Quantum, Nano/Bio, and Micro Technologies
  • FASSI 2021, The Seventh International Conference on Fundamentals and Advances in Software Systems Integration
  • GREEN 2021, The Sixth International Conference on Green Communications, Computing and Technologies

TrendNews 2021 Congress
November 14, 2021 to November 18, 2021 - Athens, Greece

  • CORETA 2021, Advances on Core Technologies and Applications
  • DIGITAL 2021, Advances on Societal Digital Transformation

 


ThinkMind // International Journal On Advances in Software, volume 9, numbers 3 and 4, 2016 // View article soft_v9_n34_2016_4


Automatic Information Flow Validation for High-Assurance Systems

Authors:
Kevin Mueller
Sascha Uhrig
Flemming Nielson
Hanne Riis Nielson
Ximeng Li
Michael Paulitsch
Georg Sigl

Keywords: Security; High-Assurance; Information Flow; Decentralized Label Model

Abstract:
Nowaydays, safety-critical systems in high-assurance domains such as aviation or transportation need to consider secure operation and demonstrate its reliable operation by presenting domain-specific level of evidences. Many tools for automated code analyses and automated testing exist to ensure safe and secure operation; however, ensuring secure information flows is new in the high-assurance domains. The Decentralized Label Model (DLM) allows to partially automate, model and prove correct information flows in applications’ source code. Unfortunately, the DLM targets Java applications; hence, it is not applicable for many high-assurance domains with strong realtime guarantees. Reasons are issues with the dynamic character of object-oriented programming or the in general uncertain behaviors of features like garbage collectors of the commonly necessary runtime environments. Hence, many high-assurance systems are still implemented in C. In this article, we discuss DLM in the context of such high-assurance systems. For this, we adjust the DLM to the programming language C and developed a suitable tool checker, called Cif. Apart from proving the correctness of information flows statically, Cif is able to illustrate the implemented information flows graphically in a dependency graph. We present this power on generic use cases appearing in almost each program. We further investigate use cases from the high-assurance domains of avionics and railway to identify commonalities regarding security. A common challenge is the development of secure gateways mediating the data transfer between security domains. To demonstrate the benefits of Cif, we applied our method to such a gateway implementation. During the DLM annotation of the use case’s C source code, we identified issues in the current DLM policies, in particular, on annotating special data-dependencies. To solve these issues, we extend the data agnostic character of the traditional DLM and present our new concept on the gateway use case. Even though this paper uses examples from aviation and railway, our approach can be applied equally well to any other safety-critical or security-critical system. This paper demonstrates the power of Cif and its capability to graphically illustrate information flows, and discusses its utility on selected C code examples. It also presents extension to the DLM theory to overcome identified shortcomings.

Pages: 191 to 206

Copyright: Copyright (c) to authors, 2016. Used with permission.

Publication date: December 31, 2016

Published in: journal

ISSN: 1942-2628

SERVICES CONTACT
2010 - 2017 © ThinkMind. All rights reserved.
Read Terms of Service and Privacy Policy.