Preservation of probabilistic information flow under refinement

Published: 01 February 2008

Abstract

Information flow properties, which describe confidentiality requirements, are not generally preserved under behavior refinement. This article describes a formal framework for refinement relations between nondeterministic probabilistic processes that capture sufficient conditions to preserve information flow properties. In particular, it uses information-theoretic concepts to investigate the refinement of a probabilistic, entropy-based information flow property. The refinement relation considers the abstract and concrete models as views on the same stochastic process. Probabilistic CSP provides the semantic basis for this investigation.
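The abstract's opening claim, that an information flow property can hold of a nondeterministic abstract process and fail of a behaviourally valid refinement of it, is illustrated by the following constructed example. It is added here and is not code from the paper: it uses a plain mutual-information measure between the secret input h and the low observation l as the entropy-based property, and does not reproduce the paper's refinement relation or its probabilistic CSP semantics. The process definitions, the prior over h and the leakage bound are all assumptions chosen for the demonstration.

```python
"""Constructed illustration of why refinement does not preserve information flow.

A nondeterministic abstract process satisfies a confidentiality property
(a bound on I(H; L), the mutual information between the secret h and the
low-level observation l) when its choices are resolved independently of h,
while a refinement that resolves the same choices using h does not.
This is an added example, not the paper's code; all processes and numbers
are assumptions chosen for the demonstration.
"""
from collections import defaultdict
from math import log2

# Assumed prior over the secret h: one fair bit.
SECRETS = {0: 0.5, 1: 0.5}

# A process is modelled as a function: secret h -> distribution over low outputs l.

def abstract_spec(h):
    """Abstract spec: l is chosen nondeterministically, modelled as a fair coin
    that ignores h.  Possibilistically, each refinement below is a valid one."""
    return {0: 0.5, 1: 0.5}

def refine_constant(h):
    """Refinement resolving the choice to l = 0 regardless of h (still secure)."""
    return {0: 1.0}

def refine_copy(h):
    """Refinement resolving the choice by copying the secret (leaks everything)."""
    return {h: 1.0}

def refine_biased(h):
    """Refinement whose coin bias depends on the secret (partial leak)."""
    return {0: 0.9, 1: 0.1} if h == 0 else {0: 0.5, 1: 0.5}

def joint_distribution(process, secrets=SECRETS):
    """Joint distribution over (h, l) induced by the prior and the process."""
    joint = defaultdict(float)
    for h, ph in secrets.items():
        for l, pl in process(h).items():
            joint[(h, l)] += ph * pl
    return dict(joint)

def mutual_information(joint):
    """I(H; L) in bits from a joint distribution {(h, l): p}."""
    ph, pl = defaultdict(float), defaultdict(float)
    for (h, l), p in joint.items():
        ph[h] += p
        pl[l] += p
    return sum(p * log2(p / (ph[h] * pl[l])) for (h, l), p in joint.items() if p > 0)

def leakage_bits(process, secrets=SECRETS):
    """Entropy-based information flow measure: bits of h revealed by l."""
    return mutual_information(joint_distribution(process, secrets))

def secret_independent(process, secrets=SECRETS):
    """Simple sufficient condition for zero leakage: the output distribution
    must not depend on h.  Sufficient, not necessary, and not the paper's
    refinement relation (an assumption of this example)."""
    dists = [process(h) for h in secrets]
    return all(d == dists[0] for d in dists[1:])

def preserves_bound(process, bound, secrets=SECRETS):
    """Does the process satisfy the property 'I(H; L) <= bound bits'?"""
    return leakage_bits(process, secrets) <= bound + 1e-12

if __name__ == "__main__":
    bound = 0.0  # the property: no information about h may flow to l
    for name, proc in [("abstract spec", abstract_spec),
                       ("refine_constant", refine_constant),
                       ("refine_biased", refine_biased),
                       ("refine_copy", refine_copy)]:
        print(f"{name:16s} leakage = {leakage_bits(proc):.3f} bits, "
              f"bound kept = {preserves_bound(proc, bound)}, "
              f"secret-independent = {secret_independent(proc)}")
```

Every concrete process above is a trace refinement of the abstract spec, yet `refine_copy` leaks the whole bit and `refine_biased` leaks a fraction of it; only the refinements whose resolution of the nondeterminism is independent of h keep the bound. That independence check is one trivially sufficient condition; the paper's contribution is a refinement relation that captures sufficient conditions in general for probabilistic processes.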



Published In

Information and Computation, Volume 206, Issue 2-4
February 2008
363 pages

Publisher

Academic Press, Inc.

United States


Author Tags

  1. CSP
  2. Confidentiality
  3. Information flow property
  4. Information theory
  5. Process calculus
  6. Refinement
  7. Security

Qualifiers

  • Article

Cited By

  • (2015) Using Architecture to Reason about Information Security. ACM Transactions on Information and System Security 18(2), 1-30. https://doi.org/10.1145/2829949. Online publication date: 9 Dec 2015.
  • (2014) On integrating confidentiality and functionality in a formal method. Formal Aspects of Computing 26(5), 963-992. https://doi.org/10.1007/s00165-013-0285-4. Online publication date: 1 Sep 2014.
  • (2014) Abstractions of non-interference security: probabilistic versus possibilistic. Formal Aspects of Computing 26(1), 169-194. https://doi.org/10.1007/s00165-012-0237-4. Online publication date: 1 Jan 2014.
  • (2011) Preserving security properties under refinement. Proceedings of the 7th International Workshop on Software Engineering for Secure Systems, 15-21. https://doi.org/10.1145/1988630.1988634. Online publication date: 22 May 2011.
  • (2010) Unifying theories of confidentiality. Proceedings of the Third International Conference on Unifying Theories of Programming, 120-136. https://dl.acm.org/doi/10.5555/1939848.1939853. Online publication date: 15 Nov 2010.
