SlaLoM: Security by Logic for Multithreaded applications
Project funded by the Netherlands Organisation for Scientific Research (NWO) Free Competition program.Project duration: 4 years, to start during the fall of 2009.
- Summary of the project
- Research team
- Open PhD position
- Relevant publications
- Original project proposal
Summary of the project
This project develops a uniform verification framework for the protection of data. Key innovation on which the proposal is based is the notion of self-composition. This gives a different view on classical security properties, recasting them into safety properties of a single program, and allows reuse of existing program verification techniques. We believe that this approach can handle a wide range of data-related security properties, such as confidentiality, integrity and anonymity, in a uniform way, allowing easier comparison. To make the framework usable for realistic applications, which interact with their environment, we concentrate on multithreaded applications, and properties that specify complete executions of an application. In earlier work, we have shown feasibility of the approach by translating the confidentiality problem for multithreaded programs into a model checking problem. However, to make the approach scale, we propose to address the following topics:- widening the scope of the studied security properties;
- development of a realistic program model, containing the main features of a multithreaded language like Java, including unbounded dynamic thread creation and termination;
- use of parametrised versions of temporal logic formalisms, to be able to express properties over infinite data domains;
- development of decision procedures for appropriate probabilistic properties;
- reuse and adaptation of existing tools for algorithmic verification; and
- definition of appropriate abstractions, to allow verification of infinite state space programs.
Research team
The following people are involved in the project- Marieke Huisman (project leader)
- Jaco van de Pol
- Arend Rensink
- Mariëlle Stoelinga