<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">mireabulletin</journal-id><journal-title-group><journal-title xml:lang="ru">Russian Technological Journal</journal-title><trans-title-group xml:lang="en"><trans-title>Russian Technological Journal</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2782-3210</issn><issn pub-type="epub">2500-316X</issn><publisher><publisher-name>RTU MIREA</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.32362/2500-316X-2024-12-2-16-27</article-id><article-id custom-type="elpub" pub-id-type="custom">mireabulletin-877</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ИНФОРМАЦИОННЫЕ СИСТЕМЫ. ИНФОРМАТИКА. ПРОБЛЕМЫ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>INFORMATION SYSTEMS. COMPUTER SCIENCES. ISSUES OF INFORMATION SECURITY</subject></subj-group></article-categories><title-group><article-title>Технология анализа безопасности информационных потоков в программном обеспечении, реализующем бизнес-логику с использованием хранимых программных блоков баз данных</article-title><trans-title-group xml:lang="en"><trans-title>Analysis of information flow security using software implementing business logic based on stored database program blocks</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0003-4306-789X</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Тимаков</surname><given-names>А. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Timakov</surname><given-names>A. А.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Тимаков Алексей Анатольевич, к.т.н., доцент, доцент кафедры информационной безопасности, Институт искусственного интеллекта</p><p>119454, Москва, пр-т Вернадского, д. 78</p><p>Scopus Author ID 57809572100</p><p> </p></bio><bio xml:lang="en"><p>Aleksey A. Timakov, Cand. Sci. (Eng.), Associate Professor, Department of Information Security, Institute of Artificial Intelligence</p><p>78, Vernadskogo pr., Moscow, 119454</p></bio><email xlink:type="simple">timakov@mirea.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>ФГБОУ ВО «МИРЭА – Российский технологический университет»</institution><country>Россия</country></aff><aff xml:lang="en"><institution>MIREA – Russian Technological University</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2024</year></pub-date><pub-date pub-type="epub"><day>05</day><month>04</month><year>2024</year></pub-date><volume>12</volume><issue>2</issue><elocation-id>16–27</elocation-id><permissions><copyright-statement>Copyright &amp;#x00A9; Тимаков А.А., 2024</copyright-statement><copyright-year>2024</copyright-year><copyright-holder xml:lang="ru">Тимаков А.А.</copyright-holder><copyright-holder xml:lang="en">Timakov A.А.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://www.rtj-mirea.ru/jour/article/view/877">https://www.rtj-mirea.ru/jour/article/view/877</self-uri><abstract><p>Цели. Проверка свойств безопасности программного обеспечения (ПО) при построении информационных систем с высоким уровнем доверия, как правило, осуществляется с использованием инструментов динамического и статического анализа. Соответствующие виды анализа обычно не учитывают бизнес-логику ПО и не опираются на политику управления доступом к данным. Современным направлением решения проблемы является контроль информационных потоков. Несмотря на большое количество проведенных исследований, механизмы контроля информационных потоков в ПО пока не находят широкого применения на практике, поскольку обладают значительной сложностью и диктуют повышенные требования к разработчикам. Целью работы является перенос контроля информационных потоков с языкового уровня на уровень формальной верификации и выделение функции контроля целостности и конфиденциальности данных в ПО в самостоятельную задачу, решаемую аналитиками информационной безопасности.Методы. Исследование опирается на общие формальные методы безопасности компьютерных систем и методы формальной верификации. Разработанный автором алгоритм проверки спецификаций использует аппарат темпоральной логики действий.Результаты. Представлена технология, предполагающая поэтапное решение частных задач: проектирование базы данных (БД) для хранения и обработки подлежащей защите информации, анализ зависимостей и выделение релевантного множества программных блоков БД, генерация спецификаций TLA+ выделенных программных блоков БД, разметка спецификаций в соответствии с правилами глобальной политики безопасности и дополнительными ограничениями, применение алгоритма проверки спецификаций и устранение нарушений инварианта безопасности с внесением рекомендаций для разработчиков ПО, применение процедуры анализа помеченных данных для контроля распространения выходных значений верифицированных программных блоков БД во внешних программных модулях.Выводы. Представленная технология не требует от разработчиков внесения избыточных аннотаций, описывающих правила политики безопасности. Функция анализа информационных потоков с привязкой к заданным в системе ограничениям доступа выносится на отдельный этап жизненного цикла разработки ПО. </p></abstract><trans-abstract xml:lang="en"><p>Objectives. Verification of software security is typically performed using dynamic and static analysis tools. The corresponding types of analysis do not usually consider the business logic of the software and do not rely on data access control policies. A modern approach to resolving this problem is to implement language-based information flow control. Despite a large amount of research, mechanisms for information flow control in software are not widely used in practice. This is because they are complex and impose increased demands on developers. The aim of the work is to transfer information flow control from the language level to the level of formal verification. This will enable the functions of controlling data integrity and confidentiality in software to be isolated into a separate task, which can be resolved by information security analysts.Methods. The research is based on general formal security methods for computer systems and formal verification methods. The algorithm developed by the author for checking security specifications and resolving security violations uses temporal logic of actions.Results. The technology is presented as a step-by-step approach to resolving specific tasks, including the following: designing a database (DB) for storing and processing sensitive information; analyzing dependencies and identifying relevant sets of program blocks in the DB; generating TLA+ specifications for the identified program blocks; labeling specifications according to global security policy rules and additional constraints; applying the specification verification algorithm, and resolving security violations while providing recommendations for software developers. The procedure also involves analyzing labeled data, in order to control the spread of verified program block output values in external software modules.Conclusions. The technology presented herein does not require developers to include redundant annotations describing security policy rules. The function of analyzing information flows with reference to predefined access restrictions is moved to a separate stage of the software development life cycle.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>информационные потоки</kwd><kwd>контроль информационных потоков</kwd><kwd>формальная верификация</kwd><kwd>языковая платформа</kwd><kwd>политика безопасности</kwd><kwd>абстрактная семантика</kwd><kwd>информационное невлияние</kwd></kwd-group><kwd-group xml:lang="en"><kwd>information flows</kwd><kwd>information flow control</kwd><kwd>formal verification</kwd><kwd>language platform</kwd><kwd>security policy</kwd><kwd>abstract semantics</kwd><kwd>non-interference</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Девянин П.Н., Тележников В.Ю., Хорошилов А.В. Формирование методологии разработки безопасного системного программного обеспечения на примере операционных систем. Труды Института системного программирования РАН. 2021;33(5):25–40. https://doi.org/10.15514/ISPRAS-2021-33(5)-2</mixed-citation><mixed-citation xml:lang="en">Devyanin P.N., Telezhnikiv V.I., Khoroshilov A.V. Building a methodology for secure system software development on the example of operating systems. Trudy Instituta sistemnogo programmirovaniya RAN = Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2021;33(5):25–40 (in Russ.). https://doi.org/10.15514/ISPRAS-2021-33(5)-2</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Timakov A.A. Information flow control in software DB units based on formal verification. Program. Comput. Soft. 2022;48(4):265–285. https://doi.org/10.1134/S0361768822040053</mixed-citation><mixed-citation xml:lang="en">Timakov A.A. Information flow control in software DB units based on formal verification. Program. Comput. Soft. 2022;48(4):265–285. https://doi.org/10.1134/S0361768822040053</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Hedin D., Sabelfeld A. A Perspective on Information-Flow Control. In: Software Safety and Security. 2012;33:319–347. https://doi.org/10.3233/978-1-61499-028-4-319</mixed-citation><mixed-citation xml:lang="en">Hedin D., Sabelfeld A. A Perspective on Information-Flow Control. In: Software Safety and Security. 2012;33:319–347. https://doi.org/10.3233/978-1-61499-028-4-319</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Kozyri E., Chong S., Myers A.C. Expressing Information Flow Properties. Foundations and Trends® in Privacy and Security. 2022;3(1):1–102. http://doi.org/10.1561/3300000008</mixed-citation><mixed-citation xml:lang="en">Kozyri E., Chong S., Myers A.C. Expressing Information Flow Properties. Foundations and Trends® in Privacy and Security. 2022;3(1):1–102. http://doi.org/10.1561/3300000008</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Volpano D., Smith G. Probabilistic noninterference in a concurrent language. Journal of Computer Security (JCS). 1999;7(2):231–253. http://doi.org/10.3233/JCS-1999-72-305</mixed-citation><mixed-citation xml:lang="en">Volpano D., Smith G. Probabilistic noninterference in a concurrent language. Journal of Computer Security (JCS). 1999;7(2):231–253. http://doi.org/10.3233/JCS-1999-72-305</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Sabelfeld A., Sands D. Probabilistic noninterference for multi-threaded programs. In: Proceedings 13th IEEE Computer Security Foundations Workshop (CSFW-13). 2000. P. 200–214. https://doi.org/10.1109/CSFW.2000.856937</mixed-citation><mixed-citation xml:lang="en">Sabelfeld A., Sands D. Probabilistic noninterference for multi-threaded programs. In: Proceedings 13th IEEE Computer Security Foundations Workshop (CSFW-13). 2000. P. 200–214. https://doi.org/10.1109/CSFW.2000.856937</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Askarov A., Chong S. Learning is Change in Knowledge: Knowledge-Based Security for Dynamic Policies. In: Proceedings 25th IEEE Computer Security Foundations Symposium (CSF 2012). 2012. P. 308–322. https://doi.org/10.1109/CSF.2012.31</mixed-citation><mixed-citation xml:lang="en">Askarov A., Chong S. Learning is Change in Knowledge: Knowledge-Based Security for Dynamic Policies. In: Proceedings 25th IEEE Computer Security Foundations Symposium (CSF 2012). 2012. P. 308–322. https://doi.org/10.1109/CSF.2012.31</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Sutherland D. A model of information. In: Proceedings of the 9th National Security Conference. 1986. P. 175–183.</mixed-citation><mixed-citation xml:lang="en">Sutherland D. A model of information. In: Proceedings of the 9th National Security Conference. 1986. P. 175–183.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Volpano D., Irvine C., Smith G. Sound type system for secure flow analysis. Journal of Computer Security (JCS). 1996;4(2–3): 167–187.</mixed-citation><mixed-citation xml:lang="en">Volpano D., Irvine C., Smith G. Sound type system for secure flow analysis. Journal of Computer Security (JCS). 1996;4(2–3): 167–187.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Mantel H., Sudbrock H. Types vs. PDGs in information flow analysis. In: Albert E. (Ed.). Logic-Based Program Synthesis and Transformation. The 22nd International Symposium, LOPSTR 2012. Proceedings. Springer. 2012. Р. 106–121. https://doi.org/10.1007/978-3-642-38197-3_8</mixed-citation><mixed-citation xml:lang="en">Mantel H., Sudbrock H. Types vs. PDGs in information flow analysis. In: Albert E. (Ed.). Logic-Based Program Synthesis and Transformation. The 22nd International Symposium, LOPSTR 2012. Proceedings. Springer. 2012. Р. 106–121. https://doi.org/10.1007/978-3-642-38197-3_8</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Myers A.C., Liskov B. A decentralized model for information flow control. ACM SIGOPS Operating Systems Review. 1997;5:129–142. https://doi.org/10.1145/268998.266669</mixed-citation><mixed-citation xml:lang="en">Myers A.C., Liskov B. A decentralized model for information flow control. ACM SIGOPS Operating Systems Review. 1997;5:129–142. https://doi.org/10.1145/268998.266669</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Graf J., Hecker M., Mohr M., Snelting G. Checking applications using security APIs with JOANA. In: 8th International Workshop on Analysis of Security APIs. Proceedings. 2015. P. 118–129.</mixed-citation><mixed-citation xml:lang="en">Graf J., Hecker M., Mohr M., Snelting G. Checking applications using security APIs with JOANA. In: 8th International Workshop on Analysis of Security APIs. Proceedings. 2015. P. 118–129.</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Broberg N., van Delft B., Sands D. Paragon for practical programming with information-flow control. In: Shan C. (Ed.). Programming Languages and Systems: The 11th Asian Symposium, APLAS 2013. Proceedings. Springer. 2013. Р. 217–232. https://doi.org/10.1007/978-3-319-03542-0_16</mixed-citation><mixed-citation xml:lang="en">Broberg N., van Delft B., Sands D. Paragon for practical programming with information-flow control. In: Shan C. (Ed.). Programming Languages and Systems: The 11th Asian Symposium, APLAS 2013. Proceedings. Springer. 2013. Р. 217–232. https://doi.org/10.1007/978-3-319-03542-0_16</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Clarkson M.R., Finkbeiner B., Koleini M., Micinski K.K., Rabe M.N., Sánchez C. Temporal logics for hyperproperties. In: Abadi M., Kremer S. (Eds.). Principles of Security and Trust: The Third International Conference, POST 2014. Proceedings. Berlin, Heidelberg: Springer; 2014. Р. 265–284. https://doi.org/10.1007/978-3-642-54792-8_15</mixed-citation><mixed-citation xml:lang="en">Clarkson M.R., Finkbeiner B., Koleini M., Micinski K.K., Rabe M.N., Sánchez C. Temporal logics for hyperproperties. In: Abadi M., Kremer S. (Eds.). Principles of Security and Trust: The Third International Conference, POST 2014. Proceedings. Berlin, Heidelberg: Springer; 2014. Р. 265–284. https://doi.org/10.1007/978-3-642-54792-8_15</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Terauchi T., Aiken A. Secure information flow as a safety problem. In: Hankin C., Siveroni I. (Eds.). In: Static Analysis: The 12th International Static Symposium, SAS 2005. Proceedings. Berlin, Heidelberg: Springer. 2005. P. 352–367. https://doi.org/10.1007/11547662_24</mixed-citation><mixed-citation xml:lang="en">Terauchi T., Aiken A. Secure information flow as a safety problem. In: Hankin C., Siveroni I. (Eds.). In: Static Analysis: The 12th International Static Symposium, SAS 2005. Proceedings. Berlin, Heidelberg: Springer. 2005. P. 352–367. https://doi.org/10.1007/11547662_24</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Тимаков А.А. Вариант реализации процедуры анализа информационных потоков в программных блоках PL/SQL с использованием платформы PLIF. Программирование. 2023;4:39–57.</mixed-citation><mixed-citation xml:lang="en">Timakov A.A. Scenario of Information Flow Analysis Implementation in PL/SQL Program Units with PLIF Platform. Program. Comput. Soft. 2023;49(4):215–231. https://doi.org/10.1134/S0361768823040114 [Original Russian Text: Timakov A.A. Scenario of Information Flow Analysis Implementation in PL/SQL Program Units with PLIF Platform. Programmirovanie. 2023;4:215–231 (in Russ.).]</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Broberg N., Sands D. Paralocks: Role based information flow control and beyond. In: Proceedings of the Conference Record of the Annual ACM Symposium on Principles of Programming Languages. 2010. P. 431–444. https://doi.org/10.1145/1706299.1706349</mixed-citation><mixed-citation xml:lang="en">Broberg N., Sands D. Paralocks: Role based information flow control and beyond. In: Proceedings of the Conference Record of the Annual ACM Symposium on Principles of Programming Languages. 2010. P. 431–444. https://doi.org/10.1145/1706299.1706349</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Sabelfeld A., Sands D. Declassification: Dimensions and principles. Journal of Computer Security (JCS). 2009;17(5):517–548. http://doi.org/10.3233/JCS-2009-0352</mixed-citation><mixed-citation xml:lang="en">Sabelfeld A., Sands D. Declassification: Dimensions and principles. Journal of Computer Security (JCS). 2009;17(5):517–548. http://doi.org/10.3233/JCS-2009-0352</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Youn D., Lee S., Ryu S. Declarative static analysis for multilingual programs using CodeQL. Software: Practice and Experience. 2023;53(7):1472–1495. https://doi.org/10.1002/spe.3199</mixed-citation><mixed-citation xml:lang="en">Youn D., Lee S., Ryu S. Declarative static analysis for multilingual programs using CodeQL. Software: Practice and Experience. 2023;53(7):1472–1495. https://doi.org/10.1002/spe.3199</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
