Abstract
Based on a system model consisting of processes describing the machine, the honest users and the adversary, this paper introduces an abstract framework of refinement relations preserving existential confidentiality properties for nondeterministic, probabilistic systems. It allows a refinement step to trade functionality between the machine and its environment, thus shifting the conceptual boundary between machine and environment. A refinement also permits the realization to extend the observational means of an adversary. A confidentiality-preserving refinement relation is defined in terms of another, more basic relation that considers deterministic probabilistic processes. An instantiation with an entropy-based confidentiality property illustrates the use of this framework. The relationship to other concepts of secure refinement, in particular to reactive simulatability, is discussed.
Chapter PDF
References
Abrial, J.-R.: The B-Book: Assigning programs to meanings. Cambridge University Press, Cambridge (1996)
Backes, M., Pfitzmann, B., Waidner, M.: A composable cryptographic library with nested operations (extended abstract). In: Proc. 10th ACM Conference on Computer and Communications Security, pp. 220–230 (2003)
Backes, M., Pfitzmann, B., Waidner, M.: Secure asynchronous reactive systems. IACR ePrint Archive (March 2004), Online available at: http://eprint.iacr.org/2004/082.ps
Behm, P., Benoit, P., Faivre, A., Meynadier, J.-M.: Météor: A successful application of B in a large project. In: Wing, J.M., Woodcock, J.C.P., Davies, J. (eds.) FM 1999. LNCS, vol. 1708, pp. 369–387. Springer, Heidelberg (1999)
Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proc. 42nd IEEE Symposium on Foundations of Computer Science, pp. 136–145 (2001)
Ciesinski, F., Größer, M.: On probabilistic computation tree logic. In: Baier, C., Haverkort, B.R., Hermanns, H., Katoen, J.-P., Siegle, M. (eds.) Validation of Stochastic Systems. LNCS, vol. 2925, pp. 147–188. Springer, Heidelberg (2004)
Derrick, J., Boiten, E.: Refinement in Z and Object-Z. Springer, London (2001)
Graham-Cumming, J., Sanders, J.W.: On the refinement of non-interference. In: 9th IEEE Computer Security Foundations Workshop, pp. 35–42. IEEE Computer Society Press, Los Alamitos (1991)
Gray III, J.W.: Toward a mathematical foundation for information flow security. Journal of Computer Security, 255–294 (1992)
Heisel, M., Pfitzmann, A., Santen, T.: Confidentiality-preserving refinement. In: 14th IEEE Computer Security Foundations Workshop, pp. 295–305. IEEE Computer Society Press, Los Alamitos (2001)
Hoare, C.A.R.: Proof of correctness of data representations. Acta Informatica 1, 271–281 (1972)
Jacob, J.: On the derivation of secure components. In: IEEE Symposium on Security and Privacy, pp. 242–247. IEEE Press, Los Alamitos (1989)
Jones, C.B.: Systematic Software Development using VDM, 2nd edn. Prentice-Hall, Englewood Cliffs (1990)
Jürjens, J.: Secrecy-preserving refinement. In: Oliveira, J.N., Zave, P. (eds.) FME 2001. LNCS, vol. 2021, pp. 135–152. Springer, Heidelberg (2001)
Liskov, B., Wing, J.: A behavioral notion of subtyping. ACM Transactions on Programming Languages and Systems 16(6), 1811–1841 (1994)
Lowe, G.: Quantifying information flow. In: 15th IEEE Computer Security Foundations Workshop, pp. 18–31. IEEE Computer Society, Los Alamitos (2002)
MacKay, D.: Information Theory, Inference, and Learning Algorithms. Cambridge University Press, Cambridge (2003)
Mantel, H.: Preserving information flow properties under refinement. In: IEEE Symposium on Security and Privacy, pp. 78–91. IEEE Computer Society Press, Los Alamitos (2001)
Mantel, H.: A Uniform Framework for the Formal Specification and Verification of Information Flow Security. PhD thesis, Universität des Saarlandes (2003)
McLean, J.: A general theory of composition for a class of “possibilistic” properties. IEEE Transactions on Software Engineering 22(1), 53–67 (1996)
Meyer, B.: Applying “design by contract”. IEEE Computer, 40–51 (October 1992)
Morgan, C., McIver, A., Seidel, K., Sanders, J.W.: Refinement-oriented probability for CSP. Formal Aspects of Computing 8(6), 617–647 (1996)
Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: IEEE Symposium on Security and Privacy, pp. 184–201. IEEE Computer Society, Los Alamitos (2001)
Roscoe, A.W.: CSP and determinism in security modelling. In: Proc. IEEE Symposium on Security and Privacy, pp. 114–127. IEEE Computer Society Press, Los Alamitos (1995)
Roscoe, A.W.: The Theory and Practice of Concurrency. Prentice-Hall, Englewood Cliffs (1998)
Roscoe, A.W., Woodcock, J.C.P., Wulf, L.: Non-interference through determinism. In: Gollmann, D. (ed.) ESORICS 1994. LNCS, vol. 875, pp. 33–53. Springer, Heidelberg (1994)
Ryan, P.Y.A., Schneider, S.A.: Process algebra and non-interference. In: 12th IEEE Computer Security Foundations Workshop, pp. 214–227. IEEE Computer Society, Los Alamitos (1999)
Santen, T.: Probabilistic confidentiality properties based on indistinguishability. In: Federrath, H. (ed.) Proc. Sicherheit 2005 – Schutz und Zuverlässigkeit, Gesellschaft für Informatik. Lecture Notes in Informatics, pp. 113–124 (2005)
Santen, T., Heisel, M., Pfitzmann, A.: Confidentiality-preserving refinement is compositional - sometimes. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 194–211. Springer, Heidelberg (2002)
Segala, R., Lynch, N.: Probabilistic simulations for probabilistic processes. Nordic Journal of Computing 2(2), 250–273 (1995)
Zakinthinos, A., Lee, E.S.: A general theory of security properties. In: Proc. IEEE Symposium on Security and Privacy, pp. 94–102 (1997)
Zave, P., Jackson, M.: Four dark corners of requirements engineering. ACM Transactions on Software Engineering and Methodology 6(1), 1–30 (1997)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Santen, T. (2006). A Formal Framework for Confidentiality-Preserving Refinement. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds) Computer Security – ESORICS 2006. ESORICS 2006. Lecture Notes in Computer Science, vol 4189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11863908_15
Download citation
DOI: https://doi.org/10.1007/11863908_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44601-9
Online ISBN: 978-3-540-44605-7
eBook Packages: Computer ScienceComputer Science (R0)