Safe Equivalences for Security Properties [chapter]

Mário S. Alvim, Miguel E. Andrés, Catuscia Palamidessi, Peter van Rossum
2010 IFIP Advances in Information and Communication Technology  
In the field of security, process equivalences have been used to characterize various information-hiding properties (for instance secrecy, anonymity and non-interference) based on the principle that a protocol P with a variable x satisfies such a property if and only if, for every pair of secrets s1 and s2, P[s1/x] is equivalent to P[s2/x]. We argue that, in the presence of nondeterminism, the above principle relies on the assumption that the scheduler "works for the benefit of the protocol", and this is usually not a safe assumption. Non-safe equivalences, in this sense, include complete-trace equivalence and bisimulation. We present a formalism in which we can specify admissible schedulers and, correspondingly, safe versions of these equivalences. We prove that safe bisimulation is still a congruence. Finally, we show that safe equivalences can be used to establish information-hiding properties.
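The following toy model, added here as an illustration and not taken from the paper, shows the gap the abstract describes between complete-trace equivalence and a safe equivalence that fixes the scheduler. The process syntax, the two protocols P and Q, the secrets "s1"/"s2" and the action labels are all constructed for this example; the paper's own formalism is not reproduced. P[s/x] has two nondeterministic branches that reveal the secret in opposite ways, so its trace sets for s1 and s2 coincide, but any scheduler that resolves the choice the same way on both sides tells the secrets apart. Q[s/x] never lets the secret reach an observable action and passes both checks.

```python
from itertools import product

# Constructed process syntax (not the paper's calculus):
#   ("stop",)                    terminated
#   ("vis", label, cont)         observable action `label`, then continue with cont
#   ("choice", [c0, c1, ...])    nondeterministic choice, resolved by the scheduler
# Secret-dependent branching happens when the tree is built, so the secret can
# only influence which observable actions follow; it is never a scheduler input.

def P(secret):
    """P[secret/x]: both branches announce 'a', then emit 'b' or 'c'.
    Swapping the secret swaps which branch emits which letter."""
    first, second = ("b", "c") if secret == "s1" else ("c", "b")
    return ("choice", [
        ("vis", "a", ("vis", first, ("stop",))),
        ("vis", "a", ("vis", second, ("stop",))),
    ])

def Q(secret):
    """Q[secret/x]: observable behaviour is independent of the secret."""
    return ("choice", [
        ("vis", "a", ("stop",)),
        ("vis", "b", ("stop",)),
    ])

def complete_traces(proc, history=()):
    """Set of maximal observable traces over every resolution of the choices."""
    kind = proc[0]
    if kind == "stop":
        return {history}
    if kind == "vis":
        return complete_traces(proc[2], history + (proc[1],))
    return set().union(*(complete_traces(b, history) for b in proc[1]))

def run(proc, scheduler, history=()):
    """Observable trace of the single run fixed by `scheduler`, a map from the
    observable history at a choice point to the branch index taken there."""
    kind = proc[0]
    if kind == "stop":
        return history
    if kind == "vis":
        return run(proc[2], scheduler, history + (proc[1],))
    return run(proc[1][scheduler[history]], scheduler, history)

def decision_points(proc, history=(), acc=None):
    """Observable history at each choice point -> number of branches.
    Assumes at most one choice per observable history (true for P and Q)."""
    acc = {} if acc is None else acc
    kind = proc[0]
    if kind == "vis":
        decision_points(proc[2], history + (proc[1],), acc)
    elif kind == "choice":
        acc[history] = len(proc[1])
        for b in proc[1]:
            decision_points(b, history, acc)
    return acc

def admissible_schedulers(proc):
    """Every scheduler that sees only the observable history, never the secret."""
    points = decision_points(proc)
    keys = list(points)
    for picks in product(*(range(points[k]) for k in keys)):
        yield dict(zip(keys, picks))

def trace_equivalent(proto, s1, s2):
    """Complete-trace equivalence: the trace *sets* coincide. A trace of
    proto[s1/x] may be matched by a trace of proto[s2/x] that a different
    scheduler choice produced, i.e. the scheduler is assumed to cooperate."""
    return complete_traces(proto(s1)) == complete_traces(proto(s2))

def safe_equivalent(proto, s1, s2):
    """Safe variant: the *same* admissible scheduler must yield the same
    observable trace on both instantiations."""
    return all(run(proto(s1), sch) == run(proto(s2), sch)
               for sch in admissible_schedulers(proto(s1)))

def distinguishing_scheduler(proto, s1, s2):
    """First admissible scheduler whose runs differ between the secrets, or None."""
    for sch in admissible_schedulers(proto(s1)):
        if run(proto(s1), sch) != run(proto(s2), sch):
            return sch
    return None

if __name__ == "__main__":
    for name, proto in (("P", P), ("Q", Q)):
        print(name,
              "trace-equivalent:", trace_equivalent(proto, "s1", "s2"),
              "safe-equivalent:", safe_equivalent(proto, "s1", "s2"),
              "distinguished by:", distinguishing_scheduler(proto, "s1", "s2"))
```

Running it reports P as trace-equivalent but not safe-equivalent (the scheduler that always takes branch 0 yields the trace a,b for s1 and a,c for s2), while Q passes both checks. The difference is exactly the quantifier: trace equivalence compares sets and may pair a run of P[s1/x] with a run of P[s2/x] that a different scheduling decision produced, whereas the safe check holds the scheduler fixed across both sides and only lets it depend on what is observable.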
doi:10.1007/978-3-642-15240-5_5 fatcat:g5vlvv32grbi7er5b6s6nmgdym