Abstract
Distributed systems make increasing use of encrypted channels to enable confidential communication. While non-interference provides suitable means to investigate the flow of information within distributed systems, it has proved to be rather difficult to capture the notion of encrypted channels in such a framework. In this paper, we extend the framework MAKS for possibilistic information flow in order to distinguish between the information flow due to the fact that a message has been sent and the flow that is due to the actual content of a message. We introduce an equivalence relation on observable events to identify those events an observer cannot distinguish and provide reduction techniques that enable us to prove the security of such systems with the help of exisiting unwinding techniques.
This work was supported by the German Federal Ministry of Education and Research (BMBF) and the German Research Foundation (DFG)
Chapter PDF
Similar content being viewed by others
References
Focardi, R., Ghelli, A., Gorrieri, R.: Using non interference for the analysis of security protocols. In: Proceedings of the DIMACS Workshop on Design and Formal Verification of Security Protocols, Rutgers University (1997)
Goguen, J.A., Meseguer, J.: Security policies and security models. In: Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (1982)
Goguen, J.A., Meseguer, J.: Inference control and unwinding. In: Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (1984)
Laud, P.: Handling encryption in an analysis for secure information flow. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 159–173. Springer, Heidelberg (2003)
Mantel, H.: Possibilistic definitions of security – an assembly kit. In: Proceedings of the IEEE Computer Security Foundations Workshop, IEEE Computer Society Press, Los Alamitos (2000)
Mantel, H.: A Uniform Framework for the Formal Specification and Verification of Information Flow Security. PhD thesis, Universität des Saarlandes (2003) (published as a manuscript)
McLean, J.D.: Proving noninterference and functional correctness using traces. Journal of Computer Security 1(1), 37–57 (1992)
Meadows, C.: The NRL protocol analyzer: An overview. Journal of Logic Programming 26(2), 113–131 (1996)
Paulson, L.C.: Proving security protocols correct. In: Proceedings the 14th Annual IEEE Symposium on Logic in Computer Science, IEEE Computer Society Press, Los Alamitos (1999)
Pinsky, S.: Absorbing covers and intransitive non-interference. In: Proceedings of IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (1995)
Roscoe, A.W., Goldsmith, M.H.: What is intransitive noninterference. In: Proceedings of the 12th IEEE Computer Security Foundations Workshop, IEEE Computer Society Press, Los Alamitos (1999)
Rushby, J.: Noninterference, transitivity, and channel-control security policies. Technical Report CSL-92-02, SRI International, Menlo Park, CA (1992)
Ryan, P.Y.A., Schneider, S.A.: Process algebra and non-interference. Journal of Computer Security 9(1/2), 75–103 (2001)
Schaefer, I.: Information flow control for multiagent systems - a case study on comparison shopping. Master’s thesis, Universität Rostock / DFKI (September 2003)
Volpano, D.M.: Secure introduction of one-way functions. In: Proceedings of the 13th IEEE Computer Security Foundations Workshop, IEEE Computer Society Press, Los Alamitos (2000)
Zakinthinos, A., Lee, E.S.: A general theory of security properties. In: Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (1997)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hutter, D., Schairer, A. (2004). Possibilistic Information Flow Control in the Presence of Encrypted Communication. In: Samarati, P., Ryan, P., Gollmann, D., Molva, R. (eds) Computer Security – ESORICS 2004. ESORICS 2004. Lecture Notes in Computer Science, vol 3193. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30108-0_13
Download citation
DOI: https://doi.org/10.1007/978-3-540-30108-0_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22987-2
Online ISBN: 978-3-540-30108-0
eBook Packages: Springer Book Archive