Abstract
We revisit the classical notion of noninterference for state-based systems, as presented by Rushby in 1992. We strengthen his results in several ways, in particular clarifying the impact of transitive vs. intransitive policies on unwinding. Inspired partially by Mantel's observations on unwinding for event systems, we remove the restriction that the unwinding relation be an equivalence and obtain new insights into the connection between unwinding relations and observational preorders.
Moreover, we make two major extensions. Firstly, we introduce the new notion of nonleakage, which complements noninterference by focusing not on the observability of actions but on the information flow during system runs, and then combine it with noninterference, calling the result noninfluence. Secondly, we generalize all the results to (possibilistic) nondeterminism, introducing the notions of uniform step consistency and uniform local respect. Finally, we share our experience using nonleakage to analyze the confidentiality properties of the Infineon SLE66 chip.
Like Rushby’s, our theory has been developed and checked using a theorem prover, so there is maximal confidence in its rigor and correctness.
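The abstract refers to Rushby's state-based noninterference and to the unwinding conditions (step consistency and local respect) that the paper generalizes. The following added example, which is not code from the paper or its Isabelle sources, models a constructed two-domain machine and checks both Rushby's purge-based definition of noninterference and his three unwinding conditions (output consistency, step consistency, local respect) for a transitive policy. The domains, actions, state encoding and the `output_secure`/`output_leaky` variants are assumptions made for the illustration; the paper's nonleakage and uniform conditions are not modeled here.

```python
"""Rushby-style noninterference and unwinding on a constructed toy machine."""
from itertools import product

# Constructed policy: Lo may interfere with Hi, Hi may not interfere with Lo.
DOMAINS = ("Lo", "Hi")
FLOWS = {("Lo", "Lo"), ("Hi", "Hi"), ("Lo", "Hi")}  # reflexive, transitive


def interferes(u, v):
    """u ~> v : domain u is allowed to influence domain v."""
    return (u, v) in FLOWS


ACTIONS = ("lo_inc", "lo_read", "hi_inc", "hi_read")
DOM = {"lo_inc": "Lo", "lo_read": "Lo", "hi_inc": "Hi", "hi_read": "Hi"}

MOD = 3          # counters wrap so the reachable state space stays finite
S0 = (0, 0)      # state = (lo_counter, hi_counter)

# Per-domain views: a Lo observer sees only the Lo counter, Hi sees everything.
VIEW = {"Lo": lambda s: s[0], "Hi": lambda s: s}


def step(s, a):
    lo, hi = s
    if a == "lo_inc":
        return ((lo + 1) % MOD, hi)
    if a == "hi_inc":
        return (lo, (hi + 1) % MOD)
    return s  # read actions do not change state


def output_secure(s, a):
    lo, hi = s
    if a == "lo_read":
        return lo            # Lo output depends only on Lo state
    if a == "hi_read":
        return (lo, hi)      # Hi may see Lo, which the policy allows
    return None


def output_leaky(s, a):
    # Insecure variant: the Lo observer's output depends on the Hi counter.
    lo, hi = s
    if a == "lo_read":
        return lo + hi
    if a == "hi_read":
        return (lo, hi)
    return None


def run(s, seq):
    for a in seq:
        s = step(s, a)
    return s


def purge(seq, u):
    """Drop the actions whose domain may not interfere with u."""
    return [a for a in seq if interferes(DOM[a], u)]


def noninterference_violation(output, max_len=3):
    """Brute-force Rushby's definition over all sequences up to max_len:
    output(run(s0, alpha), a) == output(run(s0, purge(alpha, dom(a))), a).
    Returns the first (alpha, a) counterexample, or None if none is found."""
    for n in range(max_len + 1):
        for seq in product(ACTIONS, repeat=n):
            for a in ACTIONS:
                u = DOM[a]
                if output(run(S0, seq), a) != output(run(S0, purge(seq, u)), a):
                    return (list(seq), a)
    return None


def equiv(s, t, u):
    """Unwinding relation s ~u t: equal u-views (an equivalence here)."""
    return VIEW[u](s) == VIEW[u](t)


def reachable():
    seen, todo = {S0}, [S0]
    while todo:
        s = todo.pop()
        for a in ACTIONS:
            t = step(s, a)
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen


def unwinding_violations(output):
    """Check output consistency, step consistency and local respect on all
    reachable states; returns a list of (condition, ...) tuples, empty if the
    unwinding conditions hold."""
    states, found = reachable(), []
    for s, t in product(states, repeat=2):
        for a in ACTIONS:
            if equiv(s, t, DOM[a]) and output(s, a) != output(t, a):
                found.append(("output_consistency", s, t, a))
            for u in DOMAINS:
                if equiv(s, t, u) and not equiv(step(s, a), step(t, a), u):
                    found.append(("step_consistency", s, t, a, u))
    for s in states:
        for a in ACTIONS:
            for u in DOMAINS:
                if not interferes(DOM[a], u) and not equiv(s, step(s, a), u):
                    found.append(("local_respect", s, a, u))
    return found


if __name__ == "__main__":
    for name, out in (("secure", output_secure), ("leaky", output_leaky)):
        print(name, "NI counterexample:", noninterference_violation(out))
        print(name, "unwinding violations:", unwinding_violations(out))
```

For the secure machine both checks come back empty, as the unwinding theorem for transitive policies predicts. For the leaky variant the exhaustive check finds the sequence `hi_inc` followed by `lo_read` as a counterexample, and the unwinding check localizes the defect to output consistency: two states with equal Lo views but different Hi counters produce different Lo outputs. The brute-force definition grows exponentially with sequence length, which is why the local unwinding conditions are the practical proof obligation.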
References
Foley, S.N.: A universal theory of information flow. In: IEEE Symposium on Security and Privacy, pp. 116–122 (1987)
Goguen, J.A., Meseguer, J.: Security policies and security models. In: Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (1982)
Goguen, J.A., Meseguer, J.: Unwinding the inference control. In: Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (1984)
Haigh, J., Young, W.: Extending the non-interference version of MLS for SAT. In: Proc. of the Symposium on Security and Privacy, pp. 232–239. IEEE Computer Society Press, Los Alamitos (1986)
Lotz, V., Kessler, V., Walter, G.: A Formal Security Model for Microprocessor Hardware. In: IEEE Transactions on Software Engineering, August 2000, vol. 26, pp. 702–712 (2000)
Mantel, H.: Unwinding possibilistic security properties. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 238–254. Springer, Heidelberg (2000)
Mantel, H.: Information Flow and Applications – Bridging a Gap. In: Oliveira, J.N., Zave, P. (eds.) FME 2001. LNCS, vol. 2021, pp. 153–172. Springer, Heidelberg (2001)
Mantel, H.: A Uniform Framework for the Formal Specification and Verification of Information Flow Security. PhD thesis, Univ. d. Saarlandes (2003)
McCullough, D.: A hookup theorem for multilevel security. In: IEEE Transactions on Software Engineering, pp. 563–568 (1990)
McLean, J.: A general theory of composition for trace sets closed under selective interleaving functions. In: IEEE Symposium on Security and Privacy, pp. 79–93 (1994)
Mantel, H., Sabelfeld, A.: A Generic Approach to the Security of Multi-threaded Programs. In: Proc. of 14th CSFW, Cape Breton, Nova Scotia, Canada, pp. 126–142. IEEE Computer Society, Los Alamitos (2001)
Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle/HOL. LNCS, vol. 2283. Springer, Heidelberg (2002), See also http://isabelle.in.tum.de/docs.html
von Oheimb, D.: Isabelle theory sources: Noninfluence = Noninterference + Nonleakage (2004), http://ddvo.net/HOL/NI/
von Oheimb, D., Lotz, V.: Formal Security Analysis with Interacting State Machines. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 212–228. Springer, Heidelberg (2002), http://ddvo.net/papers/FSA_ISM.html
von Oheimb, D., Nanz, S.: ISM Homepage: Documentation, sources and distribution (2002), http://ddvo.net/ISM/
Pinsky, S.: Absorbing covers and intransitive non-interference. In: IEEE Symposium on Security and Privacy, pp. 102–113 (1995)
Roscoe, A.W., Goldsmith, M.H.: What is intransitive noninterference? In: 12th Computer Security Foundations Workshop, pp. 228–238. IEEE Computer Society Press, Los Alamitos (1999)
Rushby, J.: Noninterference, Transitivity, and Channel-Control Security Policies. Technical Report CS-92-02, SRI International (1992)
Ryan, P.: A CSP formulation of non-interference and unwinding. In: Proc. of IEEE CSFW-3. Cipher (1990)
Ryan, P.Y.A.: Mathematical models of computer security. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, p. 1. Springer, Heidelberg (2001)
Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. on Selected Areas in Communications 21(1), 5–19 (2003)
Sutherland, D.: A model of information. In: Proc. National Computer Security Conference, pp. 175–183 (1986)
Zakinthinos, A., Stewart Lee, E.: A general theory of security properties. In: Computer Society Symposium on Research in Security and Privacy (1997)
Zdancewic, S., Myers, A.C.: Robust Declassification. In: 14th IEEE Computer Security Foundations Workshop, CSFW (2001)
© 2004 Springer-Verlag Berlin Heidelberg
von Oheimb, D. (2004). Information Flow Control Revisited: Noninfluence = Noninterference + Nonleakage. In: Samarati, P., Ryan, P., Gollmann, D., Molva, R. (eds) Computer Security – ESORICS 2004. ESORICS 2004. Lecture Notes in Computer Science, vol 3193. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30108-0_14
DOI: https://doi.org/10.1007/978-3-540-30108-0_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22987-2
Online ISBN: 978-3-540-30108-0