Conference Proceedings

Assume but Verify: Deductive Verification of Leaked Information in Concurrent Applications

Toby Murray, Mukesh Tiwari, Gidon Ernst, David A Naumann

CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security | Association for Computing Machinery | Published : 2023

Abstract

We consider the problem of specifying and proving the security of non-trivial, concurrent programs that intentionally leak information. We present a method that decomposes the problem into (a) proving that the program only leaks information it has declassified via assume annotations already widely used in deductive program verification; and (b) auditing the declassifications against a declarative security policy. We show how condition (a) can be enforced by an extension of the existing program logic SecCSL, and how (b) can be checked by proving a set of simple entailments. Part of the challenge is to define respective semantic soundness criteria and to formally connect these to the logic rul..


Grants

Awarded by U.S. Department of the Navy, Office of Naval Research

Awarded by NSF

Funding Acknowledgements

This research was sponsored by the U.S. Department of the Navy, Office of Naval Research, under award N62909-18-1-2049. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Office of Naval Research. This material is based upon work supported by the Commonwealth of Australia Defence Science and Technology Group, Next Generation Technologies Fund (NGTF). Naumann was supported in part by NSF award CNS-1718713.