Formal Aspects of Computing, Volume 26, Issue 1, pp 169–194

Abstractions of non-interference security: probabilistic versus possibilistic

  • T. S. Hoang
  • A. K. McIver
  • L. Meinicke
  • C. C. Morgan
  • A. Sloane
  • E. Susatyo
Original Article


The Shadow Semantics (Morgan, Math Prog Construction, vol 4014, pp 359–378, 2006; Morgan, Sci Comput Program 74(8):629–653, 2009) is a possibilistic (qualitative) model for noninterference security. Subsequent work (McIver et al., Proceedings of the 37th international colloquium conference on Automata, languages and programming: Part II, 2010) presents a similar but more general quantitative model that treats probabilistic information flow. Whilst the latter provides a framework in which to reason about quantitative security risks, that extra detail entails a significant overhead in the verification effort needed to achieve it. Our first contribution in this paper is to study the relationship between those two models (qualitative and quantitative) in order to understand when qualitative Shadow proofs can be “promoted” to quantitative versions, i.e. remain valid in a probabilistic context. In particular we identify a subset of the Shadow’s refinement theorems that, when interpreted in the quantitative model, remain valid even in a context where a passive adversary may perform probabilistic analysis. To illustrate our technique we show how a semantic analysis, together with a syntactic restriction on the protocol description, can be used so that purely qualitative reasoning nevertheless verifies probabilistic refinements for an important class of security protocols. We demonstrate the semantic analysis by implementing the Shadow semantics in Rodin, using its special-purpose refinement provers to generate (and discharge) the required proof obligations (Abrial et al., STTT 12(6):447–466, 2010). We apply the technique to some small examples based on secure multi-party computations.
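As an added illustration (not code from the paper, and not the authors' Rodin development), the following Python models a hypothetical one-bit program v := h XOR r and computes both what a possibilistic adversary learns (the shadow: the set of secret values consistent with the observed output) and what a probabilistic adversary learns (the Bayesian posterior and the resulting Bayes vulnerability, the complement of the Bayes risk used in the cited ICALP 2010 work). The program, the distributions and the helper names (`shadow`, `posterior`, `bayes_vulnerability`, `run_example`) are this illustration's own choices. It shows one reason a qualitative proof cannot be promoted unconditionally: two implementations that resolve the internal choice r differently (a fair coin versus a biased coin) have the same shadow, so possibilistic reasoning cannot tell them apart, yet only the fair one keeps the secret hidden from an adversary who reasons about probabilities.

```python
"""Shadow (possibilistic) versus Bayesian (probabilistic) views of one program.

Added illustration, not code from the paper. A program is modelled as a
function prog(h, r) -> v from a hidden input h and an internal choice r to a
visible output v. The qualitative adversary learns the "shadow": the set of
h-values for which SOME choice r explains the observed v. The quantitative
adversary also knows how r is distributed and computes Pr[h | v] by Bayes' rule.
"""
from fractions import Fraction
from typing import Callable, Dict, Hashable, Iterable, Set

Dist = Dict[Hashable, Fraction]                     # finite probability distribution
Program = Callable[[Hashable, Hashable], Hashable]  # (hidden h, choice r) -> visible v


def uniform(values: Iterable[Hashable]) -> Dist:
    vals = list(values)
    return {x: Fraction(1, len(vals)) for x in vals}


def shadow(prog: Program, hidden: Iterable[Hashable], choices: Iterable[Hashable], v) -> Set[Hashable]:
    """Possibilistic knowledge after seeing v: only the SUPPORT of the choice matters."""
    choices = list(choices)
    return {h for h in hidden if any(prog(h, r) == v for r in choices)}


def posterior(prog: Program, prior: Dist, r_dist: Dist, v) -> Dist:
    """Probabilistic knowledge after seeing v: Pr[h | v] via Bayes' rule over (h, r)."""
    joint = {
        h: p_h * sum((p_r for r, p_r in r_dist.items() if prog(h, r) == v), Fraction(0))
        for h, p_h in prior.items()
    }
    total = sum(joint.values())
    if total == 0:
        raise ValueError(f"output {v!r} cannot occur under this prior and choice distribution")
    return {h: p / total for h, p in joint.items()}


def bayes_vulnerability(prog: Program, prior: Dist, r_dist: Dist) -> Fraction:
    """Probability that an adversary who sees v then guesses h correctly, averaged over v.
    Bayes risk is 1 minus this quantity."""
    outputs = {prog(h, r) for h in prior for r in r_dist}
    total = Fraction(0)
    for v in outputs:
        p_v = sum(p_h * p_r for h, p_h in prior.items() for r, p_r in r_dist.items() if prog(h, r) == v)
        total += p_v * max(posterior(prog, prior, r_dist, v).values())
    return total


def xor_mask(h, r):
    """Hypothetical one-time-pad-style masking of a one-bit secret: v := h XOR r."""
    return h ^ r


def run_example() -> Dict[str, object]:
    """Same program, same shadow, different probabilistic conclusions."""
    bits = [0, 1]
    prior = uniform(bits)                               # secret bit, adversary has no prior knowledge
    fair = uniform(bits)                                # r resolved by a fair coin
    biased = {0: Fraction(9, 10), 1: Fraction(1, 10)}   # r resolved by a biased coin (constructed)
    return {
        # Possibilistic: both implementations leave every h possible after observing v = 0.
        "shadow": shadow(xor_mask, bits, bits, 0),
        # Probabilistic: the fair coin keeps h uniform; the biased coin gives h = 0 with 90% confidence.
        "posterior_fair": posterior(xor_mask, prior, fair, 0),
        "posterior_biased": posterior(xor_mask, prior, biased, 0),
        # Prior Bayes vulnerability is 1/2: no leak for fair r, a large leak for biased r.
        "vuln_fair": bayes_vulnerability(xor_mask, prior, fair),
        "vuln_biased": bayes_vulnerability(xor_mask, prior, biased),
    }


if __name__ == "__main__":
    for name, value in run_example().items():
        print(f"{name}: {value}")
```

Read in the paper's terms: resolving the nondeterministic choice r by a coin is a refinement of the abstract program, and a refinement theorem is "promotable" only if the quantity the probabilistic adversary computes (here the Bayes vulnerability) does not get worse for any way of resolving that choice. The shadow is the same for both coins, which is exactly why a purely qualitative proof needs an extra argument, such as the syntactic restriction the abstract mentions, before it licenses a probabilistic conclusion.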


Keywords: Non-interference security; Probabilistic non-interference; Program semantics; Program refinement




  1. [ABH+10] Abrial J-R, Butler M, Hallerstede S, Hoang TS, Mehta F, Voisin L (2010) Rodin: an open toolset for modelling and reasoning in Event-B. STTT 12(6): 447–466
  2. [Abr96] Abrial J-R (1996) The B Book: assigning programs to meanings. Cambridge University Press, London
  3. [APRS10] Andrés ME, Palamidessi C, van Rossum P, Smith G (2010) Computing the leakage of information-hiding systems. In: Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2010). LNCS, vol 6015. Springer, Berlin, pp 373–389
  4. [AR00] Abadi M, Rogaway P (2000) Reconciling two views of cryptography (the computational soundness of formal encryption). In: IFIP International Conference on Theoretical Computer Science. LNCS, vol 1872. Springer, Berlin, pp 3–22
  5. [Bea91] Beaver D (1991) Foundations of secure interactive computing. In: Feigenbaum J (ed) CRYPTO ’91. LNCS, vol 576. Springer, Berlin, pp 377–391
  6. [BFPR03] Bossi A, Focardi R, Piazza C, Rossi S (2003) Refinement operators and information flow security. In: SEFM 2003. IEEE, Los Alamitos, pp 44–53
  7. [Bla01] Blanchet B (2001) An efficient cryptographic protocol verifier based on Prolog rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14). IEEE Computer Society, pp 82–96
  8. [BP02] Backes M, Pfitzmann B (2002) Computational probabilistic non-interference. In: 7th European Symposium on Research in Computer Security (ESORICS 2002). LNCS, vol 2502. Springer, Berlin, pp 1–23
  9. [BP04] Backes M, Pfitzmann B (2004) Computational probabilistic noninterference. Int J Inf Secur 3(1): 42–60
  10. [BR93] Bellare M, Rogaway P (1993) Random oracles are practical: a paradigm for designing efficient protocols. In: ACM Conference on Computer and Communications Security (CCS 1993), pp 62–73
  11. [BvW98] Back R-JR, von Wright J (1998) Refinement calculus: a systematic introduction. Springer, Berlin
  12. [Can01] Canetti R (2001) Universally composable security: a new paradigm for cryptographic protocols. In: 42nd IEEE Symposium on Foundations of Computer Science (FOCS 2001), pp 136–145
  13. [CGKS99] Chor B, Goldreich O, Kushilevitz E, Sudan M (1999) Private information retrieval. J ACM 45(6): 965–982
  14. [Cha88] Chaum D (1988) The dining cryptographers problem: unconditional sender and recipient untraceability. J Cryptol 1(1): 65–75
  15. [DY83] Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2): 198–208
  16. [GL90] Goldwasser S, Levin LA (1990) Fair computation of general functions in presence of immoral majority. In: Menezes A, Vanstone SA (eds) CRYPTO ’90. LNCS, vol 537. Springer, Berlin, pp 77–93
  17. [GM84] Goguen JA, Meseguer J (1984) Unwinding and inference control. In: IEEE Symposium on Security and Privacy. IEEE Computer Society, pp 75–86
  18. [Gol02] Goldwasser S (2002) Mathematical foundations of modern cryptography: computational complexity perspective. In: Proceedings of the ICM, Beijing, vol 1, pp 245–272
  19. [Gol10] Goldreich O (2010) Security preserving reductions—revised terminology. In: Studies in complexity and cryptography. LNCS, vol 6650. Springer, Berlin
  20. [Gro] Probabilistic Systems Group. Collected publications.
  21. [GW86] Grimmett GR, Welsh D (1986) Probability: an introduction. Oxford Science Publications, Oxford
  22. [HM10] Heusser J, Malacaria P (2010) Applied quantitative information flow and statistical databases. In: Formal Aspects in Security and Trust (FAST 2009). LNCS, vol 5983. Springer, Berlin, pp 96–110
  23. [Hut06] Hutter D (2006) Possibilistic information flow control in MAKS and action refinement. In: International Conference on Emerging Trends in Information and Communication Security (ETRICS 2006). Springer, Berlin
  24. [KB07] Köpf B, Basin D (2007) An information-theoretic model for adaptive side-channel attacks. In: 14th ACM Conference on Computer and Communications Security (CCS 2007)
  25. [LJ00] Leino KRM, Joshi R (2000) A semantic approach to secure information flow. Sci Comput Program 37(1–3): 113–138
  26. [Man01] Mantel H (2001) Preserving information flow properties under refinement. In: IEEE Symposium on Security and Privacy, pp 78–91
  27. [McI09] McIver AK (2009) The secret art of computer programming. In: ICTAC 2009. LNCS, vol 5684. Springer, Berlin, pp 61–78 (invited presentation)
  28. [MM09] McIver AK, Morgan CC (2009) The thousand-and-one cryptographers. April 2009; includes appendices. Available at [Gro]
  29. [MM11] McIver AK, Morgan CC (2011) Compositional refinement in agent-based security protocols. Formal Aspects Comput 23(6): 711–737
  30. [MMM10] McIver A, Meinicke L, Morgan C (2010) Compositional closure for Bayes risk in probabilistic noninterference. In: 37th International Colloquium on Automata, Languages and Programming (ICALP 2010), Part II. Springer, Berlin, pp 223–235
  31. [MMM11] McIver A, Meinicke L, Morgan C (2011) Hidden-Markov program algebra with iteration. Math Struct Comput Sci (to appear)
  32. [Mor87] Morris JM (1987) A theoretical basis for stepwise refinement and the programming calculus. Sci Comput Program 9(3): 287–306
  33. [Mor94] Morgan CC (1994) Programming from Specifications, 2nd edn. Prentice-Hall, Englewood Cliffs
  34. [Mor06] Morgan CC (2006) The Shadow Knows: refinement of ignorance in sequential programs. In: Uustalu T (ed) Mathematics of Program Construction (MPC 2006). LNCS, vol 4014. Springer, Berlin, pp 359–378 (treats the Dining Cryptographers)
  35. [Mor09] Morgan CC (2009) The Shadow Knows: refinement of ignorance in sequential programs. Sci Comput Program 74(8): 629–653 (treats Oblivious Transfer)
  36. [MR91] Micali S, Rogaway P (1991) Secure computation (abstract). In: Feigenbaum J (ed) CRYPTO ’91. LNCS, vol 576. Springer, Berlin, pp 392–404
  37. [Pau98] Paulson LC (1998) The inductive approach to verifying cryptographic protocols. J Comput Secur 6: 85–128
  38. [Pro] ProVerif: cryptographic protocol verifier in the formal model.
  39. [PW01] Pfitzmann B, Waidner M (2001) A model for asynchronous reactive systems and its application to secure message transmission. In: IEEE Symposium on Security and Privacy. IEEE Computer Society, pp 184–200
  40. [Rab81] Rabin MO (1981) How to exchange secrets by oblivious transfer. Technical Report TR-81, Harvard University
  41. [RCH04] Canetti R, Goldreich O, Halevi S (2004) The random oracle methodology, revisited. J ACM 51(4): 557–594
  42. [San08] Santen T (2008) Preservation of probabilistic information flow under refinement. Inf Comput 206(2–4): 213–249
  43. [Sha48] Shannon CE (1948) A mathematical theory of communication. Bell Syst Tech J 27: 379–423, 623–656
  44. [SM03] Sabelfeld A, Myers AC (2003) Language-based information-flow security. IEEE J Sel Areas Commun 21(1): 5–19
  45. [Smi07] Smith G (2007) Adversaries and information leaks (tutorial). In: Barthe G, Fournet C (eds) 3rd Symposium on Trustworthy Global Computing (TGC 2007). LNCS, vol 4912. Springer, Berlin, pp 383–400
  46. [Yao82] Yao AC-C (1982) Protocols for secure computations (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science (FOCS 1982). IEEE Computer Society, pp 160–164

Copyright information

© British Computer Society 2012

Authors and Affiliations

  • T. S. Hoang (1)
  • A. K. McIver (2)
  • L. Meinicke (2)
  • C. C. Morgan (3)
  • A. Sloane (2)
  • E. Susatyo (2)

  1. Institute of Information Security, ETH Zurich, Zurich, Switzerland
  2. Department of Computing, Macquarie University, Sydney, Australia
  3. School of Computer Science and Engineering, UNSW, Sydney, Australia
