Non-interference in Partial Order Models

Published: 19 December 2016

Abstract

Non-interference (NI) is a property of systems stating that confidential actions should not cause effects observable by unauthorized users. Several variants of NI have been studied for many types of models, but rarely for true-concurrency or unbounded models. This work investigates NI for High-level Message Sequence Charts (HMSCs), a scenario language for the description of distributed systems based on the composition of partial orders. We first propose a general definition of security properties in terms of equivalence among observations of behaviors. Observations are naturally captured by partial order automata, a formalism that generalizes HMSCs and permits assembling partial orders. We show that equivalence and inclusion properties for HMSCs (and hence for partial order automata) are undecidable, which implies in particular that NI is undecidable for HMSCs. We therefore consider decidable subclasses of partial order automata and HMSCs. Finally, we define weaker local properties, describing situations where a system is attacked by a single agent, and show that local NI is decidable. We then refine local NI to a finer notion of causal NI that emphasizes causal dependencies between confidential actions and observations, and extend it to causal NI with (selective) declassification of confidential events. Checking whether a system satisfies local NI, causal NI, or their declassified variants is PSPACE-complete.
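As an added illustration (not code from the paper, whose formal definitions over HMSCs and partial order automata are not reproduced here), the following Python sketch renders the causal reading of NI on a single scenario: a run is a set of events with a causal partial order, an agent's observation is the restriction of that order to its own events, and a confidential event must not be a causal predecessor of anything the low agent observes; selective declassification exempts particular confidential events from that rule. The three-process scenario, the event names and the `proc`/`conf` attributes are constructed for the example and are assumptions, not taken from the paper.

```python
# Added illustration (not the paper's code or definitions): a simplified causal
# non-interference check on one scenario given as a partial order of events.
from typing import Dict, FrozenSet, List, Set, Tuple

Event = str
Order = Set[Tuple[Event, Event]]


def transitive_closure(events: Dict[Event, dict], edges: List[Tuple[Event, Event]]) -> Order:
    """Strict partial order generated by `edges` (Warshall's algorithm).
    Raises if the edges contain a causal cycle, i.e. are not a partial order."""
    order: Order = set(edges)
    for k in events:
        for i in events:
            if (i, k) in order:
                for j in events:
                    if (k, j) in order:
                        order.add((i, j))
    for e in events:
        if (e, e) in order:
            raise ValueError(f"causal cycle through event {e!r}: not a partial order")
    return order


def observation(events: Dict[Event, dict], order: Order, agent: str):
    """The local view of `agent`: its own events, with causality restricted to them."""
    mine: FrozenSet[Event] = frozenset(e for e in events if events[e]["proc"] == agent)
    return mine, frozenset((a, b) for a, b in order if a in mine and b in mine)


def causal_ni_violations(events: Dict[Event, dict], order: Order, low_agent: str,
                         declassified: FrozenSet[Event] = frozenset()):
    """Pairs (h, l) where an event l observed by `low_agent` causally depends on a
    confidential event h.  Events listed in `declassified` may legitimately
    influence the observer (selective declassification).  An empty result means
    the scenario passes this simplified causal NI check."""
    return sorted(
        (h, l) for (h, l) in order
        if events[h]["conf"] and h not in declassified and events[l]["proc"] == low_agent
    )


# Constructed scenario: high user A sends a secret to server B; B notifies low user C.
# "proc" is the process owning the event, "conf" marks confidential events.
EVENTS = {
    "A!secret": {"proc": "A", "conf": True},
    "B?secret": {"proc": "B", "conf": True},
    "B!notify": {"proc": "B", "conf": False},
    "C?notify": {"proc": "C", "conf": False},
}
# Leaky variant: B notifies C only after receiving the secret (process order on B).
LEAK_EDGES = [("A!secret", "B?secret"),   # message causality
              ("B?secret", "B!notify"),   # process order on B
              ("B!notify", "C?notify")]   # message causality
# Safe variant: B's notification precedes the receipt, so C's view is independent of A.
SAFE_EDGES = [("A!secret", "B?secret"),
              ("B!notify", "B?secret"),
              ("B!notify", "C?notify")]


def check(edges: List[Tuple[Event, Event]], low_agent: str = "C",
          declassified: FrozenSet[Event] = frozenset()):
    """Convenience wrapper: closure, then the violation list for `low_agent`."""
    return causal_ni_violations(EVENTS, transitive_closure(EVENTS, edges), low_agent, declassified)


if __name__ == "__main__":
    print("leaky scenario, C's view:", observation(EVENTS, transitive_closure(EVENTS, LEAK_EDGES), "C"))
    print("leaky scenario violations:", check(LEAK_EDGES))
    print("safe scenario violations: ", check(SAFE_EDGES))
    print("leaky, secret declassified:", check(LEAK_EDGES, declassified=frozenset({"A!secret", "B?secret"})))
```

Note that C's observation (its single receive event) is identical in both variants; only the causal order distinguishes them, which is the point of a causal rather than purely observational criterion. On the leaky scenario the check reports that `C?notify` depends on both confidential events, on the safe scenario it reports nothing, and declassifying the two secret events silences the leaky report.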



Published In

ACM Transactions on Embedded Computing Systems, Volume 16, Issue 2
Special Issue on LCETES 2015, Special Issue on ACSD 2015 and Special Issue on Embedded Device Forensics and Security
May 2017
705 pages
ISSN: 1539-9087
EISSN: 1558-3465
DOI: 10.1145/3025020
© 2016 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 December 2016
Accepted: 01 August 2016
Received: 01 February 2016
Published in TECS Volume 16, Issue 2

Author Tags

  1. Security
  2. non-interference
  3. partial orders
  4. verification

Qualifiers

  • Research-article
  • Research
  • Refereed
