Higher-Order and Symbolic Computation

, Volume 14, Issue 1, pp 59–91

A Per Model of Secure Information Flow in Sequential Programs

  • Andrei Sabelfeld
  • David Sands

DOI: 10.1023/A:1011553200337

Cite this article as:
Sabelfeld, A. & Sands, D. Higher-Order and Symbolic Computation (2001) 14: 59. doi:10.1023/A:1011553200337


This paper proposes an extensional semantics-based formal specification of secure information-flow properties in sequential programs based on representing degrees of security by partial equivalence relations (pers). The specification clarifies and unifies a number of specific correctness arguments in the literature and connections to other forms of program analysis. The approach is inspired by (and in the deterministic case equivalent to) the use of partial equivalence relations in specifying binding-time analysis, and is thus able to specify security properties of higher-order functions and “partially confidential data”. We also show how the per approach can handle nondeterminism for a first-order language, by using powerdomain semantics and show how probabilistic security properties can be formalised by using probabilistic powerdomain semantics. We illustrate the usefulness of the compositional nature of the security specifications by presenting a straightforward correctness proof for a simple type-based security analysis.

semanticssecurityconfidentialitypartial equivalence relationsnoninterferencepowerdomainsprobabilistic covert channels

Copyright information

© Kluwer Academic Publishers 2001

Authors and Affiliations

  • Andrei Sabelfeld
    • 1
  • David Sands
    • 1
  1. 1.Department of Computer ScienceChalmers University of Technology and the University of GöteborgGöteborgSweden