PLIF Platform: Modeling and Verification of Information Flows in Software DB Units Using the Temporal Logic of Actions (TLA+)

The verification of software properties using formal verification tools is one of the current research directions in the field of information flow control. Security conditions for information flows in software under various information noninterference schemes are naturally described by so-called hyper-properties in well-known extensions of linear temporal logic and computation tree logic. In practice, the verification of these properties for large projects is a nontrivial task. In this work, the authors translate the idea of dynamic type checking to detect illegal information flows into the realm of computational verification using model-checking tools. Computations over security labels (safe types) are described by abstract semantics of information flows. Transitioning from concrete computational semantics to abstract semantics of information flows allows us to formulate these security properties as state properties. In this case, proven tools for large industrial projects, such as TLA+ and TLC, can be used for the description and verification of real computer systems.