SlaLoM: Security by Logic for Multithreaded applications


Funded by: NWO
Duration: March 2010 until March 2014

Publications:

Summary of the project

This project develops a uniform verification framework for the protection of data. Key innovation on which the proposal is based is the notion of self-composition. This gives a different view on classical security properties, recasting them into safety properties of a single program, and allows reuse of existing program verification techniques. We believe that this approach can handle a wide range of data-related security properties, such as confidentiality, integrity and anonymity, in a uniform way, allowing easier comparison. To make the framework usable for realistic applications, which interact with their environment, we concentrate on multithreaded applications, and properties that specify complete executions of an application. In earlier work, we have shown feasibility of the approach by translating the confidentiality problem for multithreaded programs into a model checking problem. However, to make the approach scale, we propose to address the following topics:

  • widening the scope of the studied security properties;
  • development of a realistic program model, containing the main features of a multithreaded language like Java, including unbounded dynamic thread creation and termination;
  • use of parametrised versions of temporal logic formalisms, to be able to express properties over infinite data domains;
  • development of decision procedures for appropriate probabilistic properties;
  • reuse and adaptation of existing tools for algorithmic verification; and
  • definition of appropriate abstractions, to allow verification of infinite state space programs.

Additional Resources

  1. Original project proposal