Filters








33 Hits in 4.4 sec

Information Flow Control Revisited: Noninfluence = Noninterference + Nonleakage [chapter]

David von Oheimb
2004 Lecture Notes in Computer Science  
We revisit the classical notion of noninterference for statebased systems, as presented by Rushby in 1992.  ...  Inspired partially by Mantel's observations on unwinding for event systems, we remove the restriction on the unwinding relation to be an equivalence and obtain new insights in the connection between unwinding  ...  Acknowledgments We thank several people including John Rushby, Heiko Mantel, Peter Ryan, Volkmar Lotz, Stephan Merz, and Tamara Rezk for their encouragement and feedback on drafts of this paper.  ... 
doi:10.1007/978-3-540-30108-0_14 fatcat:bd3vzfbcabdtpm43nej2dclqha

Unwinding Conditional Noninterference [article]

Chenyi Zhang
2010 arXiv   pre-print
We also present unwinding relations that are both sound and complete for the new policies.  ...  Noninterference provides a control over information flow in a system for ensuring confidentiality and integrity properties.  ...  intransitive noninterference with three security levels in process algebra CSP.  ... 
arXiv:1003.3893v1 fatcat:ayujtzhkmzdhpfqfya2vc4bmm4

A comparison of semantic models for noninterference

Ron van der Meyden, Chenyi Zhang
2010 Theoretical Computer Science  
The literature on definitions of security based on causality-like notions such as noninterference has used several distinct semantic models for systems.  ...  However, such a situation would often be a reason for the system to be declared insecure.  ...  Given the equivalence of noninterference and the existence of an unwinding relation in deterministic systems (Theorem 3.7), the following is a natural approach to the generalization of noninterference  ... 
doi:10.1016/j.tcs.2010.08.013 fatcat:z3p2bf5v3vbidnayeziqatdtry

Complexity and Unwinding for Intransitive Noninterference [article]

Sebastian Eggert and Ron van der Meyden and Henning Schnoor and Thomas Wilke
2013 arXiv   pre-print
The most important ingredients in the proofs of the PTIME upper bounds are new characterizations of the respective security notions, which also lead to new unwinding proof techniques that are shown to  ...  The paper considers several definitions of information flow security for intransitive policies from the point of view of the complexity of verifying whether a finite-state system is secure.  ...  (both CCS and CSP flavours).  ... 
arXiv:1308.1204v1 fatcat:z4qztgkrmvfm5h7wp3thd7d6hy

Proving Noninterference and Functional Correctness Using Traces

John McLean
1992 Journal of Computer Security  
This extension provides a method for proving program correctness that permits a direct proof of program Noninterference without having to produce an intermediate finite state machine and unwinding conditions  ...  It also allows us to prove security at an abstract level so that changes to programs that do not affect functional behavior will not affect the security proof. 1. For example, see [19] . 2.  ...  The method for proving Noninterference described here was first presented at the workshop, Mathematical Concepts of Dependable Systems, held at Mathematisches Forschunginstitut Oberwolfach.  ... 
doi:10.3233/jcs-1992-1103 fatcat:55qixdkcazf4xgvhyw2ugi25qe

A Comparison of Semantic Models for Noninterference [chapter]

Ron van der Meyden, Chenyi Zhang
2007 Lecture Notes in Computer Science  
The literature on definitions of security based on causality-like notions such as noninterference has used several distinct semantic models for systems.  ...  This paper studies the relationship between semantic frameworks, by defining mappings between a number of semantic models and studying the relationship between notions of noninterference under these mappings  ...  In [McC90] McCullough mentions both definitions and concludes that the one on labelled transition systems is a stronger notion. The cleanest presentation of the LTS  ... 
doi:10.1007/978-3-540-75227-1_16 fatcat:cbvaadmq2zdivk2dho7iufcq6y

Symbolic algorithmic verification of intransitive generalized noninterference

CongHua Zhou, ZhiFeng Liu, HaiLing Wu, Song Chen, ShiGuang Ju
2011 Science China Information Sciences  
Our technique is based on the search for counterexamples and on the window induction proof, and can be used to verify generalized noninterference.  ...  Generalized noninterference can be used to formulate transitive security policies, but is unsuitable for intransitive security policies.  ...  In this method, an "unwinding theorem" is constructed, from which noninterference, a global constraint, is reduced to the local constraint involved in single-step state transitions.  ... 
doi:10.1007/s11432-011-4372-y fatcat:5evdkrrpfvhnjff6hem3j4yhmu

The Complexity of Intransitive Noninterference

Sebastian Eggert, Ron van der Meyden, Henning Schnoor, Thomas Wilke
2011 2011 IEEE Symposium on Security and Privacy  
1 The paper considers several definitions of information flow security for intransitive policies from the point of view of the complexity of verifying whether a finite-state system is secure.  ...  The most important ingredients in the proofs of the PTIME upper bounds are new characterizations of the respective security notions, which also enable the algorithms to return simple counterexamples demonstrating  ...  to define an unwinding relation that forms the basis for the proof, and typically also has involved manual driving (proof rule selection) of the theorem proving tool within which the proof is conducted  ... 
doi:10.1109/sp.2011.30 dblp:conf/sp/EggertMSW11 fatcat:fdi3sivgo5hzbh7ui2wgfeoosa

Semantic models for information flow

Gavin Lowe
2004 Theoretical Computer Science  
We base our deÿnition upon an operational model of CSP that reasons about the ways in which nondeterministic choices can be resolved, and so is more discriminating than previous models.  ...  Our deÿnition of information ow is then that the behaviour of one agent can have some in uence upon another agent's view of the system.  ...  I would also like to thank the anonymous referee for useful comments. This work was mostly carried out while I was employed at the University of Leicester.  ... 
doi:10.1016/j.tcs.2003.11.019 fatcat:tquor3itcvez7c5siqevuzcu24

Controlling information release in the π-calculus

Silvia Crafa, Sabina Rossi
2007 Information and Computation  
We introduce a notion of controlled information release for a typed version of the -calculus extended with declassification primitives; this property scales to noninterference when downgrading is not allowed  ...  P Replication T ::= [ ] | [T ] | 0 Inactive and, inspired by the definitions in [12] for imperative and multi-threaded languages, we prove that . ≈ is reflexive only on the set of secure processes.  ...  It simply states that "the security for programs with no declassification is equivalent to noninterference".  ... 
doi:10.1016/j.ic.2007.01.001 fatcat:kbi6dblrl5cnfah2qulanocru4

Intransitive noninterference in nondeterministic systems

Kai Engelhardt, Ron van der Meyden, Chenyi Zhang
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
This paper addresses the question of how TA-security, a semantics for intransitive information-flow policies in deterministic systems, can be generalized to nondeterministic systems.  ...  a system in which two multi-level secure machines M1 and M2 communicate across the internet.  ...  UNWINDING Unwinding is a useful technique for security proofs, which reduces the verification of security to checking the existence of binary relations on states.  ... 
doi:10.1145/2382196.2382288 dblp:conf/ccs/EngelhardtMZ12 fatcat:hspq4qfzfrbvhdcgqnx2rj3gla

Information flow in secure contexts

Annalisa Bossi, Damiano Macedonio, Carla Piazza, Sabina Rossi
2005 Journal of Computer Security  
To relax this requirement we introduce the notion of secure contexts for a class of processes.  ...  supported by the EU Contract IST-2001-32617 "Models and Types for Security in Mobile Distributed Systems" (MyThS) and the FIRB project RBAU018RCZ "Interpretazione astratta e model checking per la verifica  ...  In [27] a formalization of intransitive noninterference in the context of deterministic CSP is presented.  ... 
doi:10.3233/jcs-2005-13303 fatcat:llmzfdrpn5hv5jfmkz6ec4xb44

Security of multi-agent systems: A case study on comparison shopping

Dieter Hutter, Heiko Mantel, Ina Schaefer, Axel Schairer
2007 Journal of Applied Logic  
The techniques for decomposing security requirements, for verifying individual agents, and for deriving global security guarantees for the entire system from locally verified properties are all generic  ...  The security requirements for the overall system are then decomposed into requirements for the individual agents that can be verified independently from each other.  ...  An unwinding theorem ensures that the set of unwinding conditions implies the given closure property. The inductive argument is done once and for all in the proof of the unwinding theorem.  ... 
doi:10.1016/j.jal.2005.12.015 fatcat:izhfyjyny5bw3fvx3s656kc7ga

Understanding and Enforcing Opacity

Daniel Schoepe, Andrei Sabelfeld
2015 2015 IEEE 28th Computer Security Foundations Symposium  
We present a framework for opacity and explore its key differences and formal connections with such well-known information-flow models as noninterference, knowledge-based security, and declassification  ...  This paper puts a spotlight on the specification and enforcement of opacity, a security policy for protecting sensitive properties of system behavior.  ...  Acknowledgments: This work was funded by the European Community under the ProSecuToR and WebSand projects and the Swedish research agencies SSF and VR.  ... 
doi:10.1109/csf.2015.41 dblp:conf/csfw/SchoepeS15 fatcat:orel3lewbbg5zkb6kwpogib7b4

Refinement operators and information flow security

A. Bossi, R. Focardi, C. Piazza, S. Rossi
2003 First International Conference onSoftware Engineering and Formal Methods, 2003.Proceedings.  
In this paper we formalize the notion of refinement for processes described as terms of the Security Process Algebra (SPA).  ...  Finally, we study how refinements can be composed still preserving the security of the system.  ...  Quite interestingly, Lowe observes that NDC is not closed under CSP refinement, and he solves this problem by requiring, for a system to be secure, that all of its refinements are secure (i.e., by closing  ... 
doi:10.1109/sefm.2003.1236206 dblp:conf/sefm/BossiFPR03 fatcat:rliuto7mtfaedaenlr6jqwotei
« Previous Showing results 1 — 15 out of 33 results