Skip to main content
SpringerLink
Log in

Information Security as Strategic (In)effectivity

  • Conference paper
  • First Online:
Security and Trust Management (STM 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9871))

Included in the following conference series:

Abstract

Security of information flow is commonly understood as preventing any information leakage, regardless of how grave or harmless consequences the leakage can have. In this work, we suggest that information security is not a goal in itself, but rather a means of preventing potential attackers from compromising the correct behavior of the system. To formalize this, we first show how two information flows can be compared by looking at the adversary’s ability to harm the system. Then, we propose that the information flow in a system is effectively information-secure if it does not allow for more harm than its idealized variant based on the classical notion of noninterference.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    This is a real-life example from the authors’ personal experience. For similar security questions, used by various phone or web services, cf. e.g. [14].

  2. 2.

    We will only sketch the proofs due to lack of space. The complete proofs can be found in the extended version of the paper, available at http://arxiv.org/abs/1608.02247.

References

  1. Acquisti, A., Grossklags, J.: Privacy attitudes and privacy behavior - losses, gains, and hyperbolic discounting. In: Economics of Information Security. Advances in Information Security, vol. 12, pp. 165–178. Springer, New York (2004)

    Google Scholar 

  2. Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24, 84–90 (1981)

    Article  Google Scholar 

  3. Dimovski, A.S.: Ensuring secure non-interference of programs by game semantics. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 81–96. Springer, Heidelberg (2014)

    Google Scholar 

  4. Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., Smeraldi, F.: Game theory meets information security management. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IFIP AICT, vol. 428, pp. 15–29. Springer, Heidelberg (2014). doi:10.1007/978-3-642-55415-5_2

    Chapter  Google Scholar 

  5. Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Seberry, J., Zheng, Y. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1993). doi:10.1007/3-540-57220-1_66

    Chapter  Google Scholar 

  6. Giacobazzi, R., Mastroeni, I.: Abstract non-interference: parameterizing non-interference by abstract interpretation. In: Proceedings of POPL, pp. 186–197. ACM (2004)

    Google Scholar 

  7. Goguen, J.A., Meseguer, J.: Security policies and security models. In: Proceedings of S&P, pp. 11–20. IEEE Computer Society (1982)

    Google Scholar 

  8. Goldreich, O., Micali, S., Wigderson, A.: How to play ANY mental game. In: Proceedings of the 19th Annual ACM Symposium on Theory of Computing, STOC 1987, pp. 218–229. ACM (1987)

    Google Scholar 

  9. Gray III, J.W.: Probabilistic interference. In: Proceedings of S&P, pp. 170–179. IEEE (1990)

    Google Scholar 

  10. Grossklags, J., Christin, N., Chuang, J.: Secure or insure? A game-theoretic analysis of information security games. In: Proceedings of WWW, pp. 209–218. ACM (2008)

    Google Scholar 

  11. Hankin, C., Nagarajan, R., Sampath, P.: Flow analysis: games and nets. In: Mogensen, T.Æ., Schmidt, D.A., Sudborough, I.H. (eds.) The Essence of Computation. LNCS, vol. 2566, pp. 135–156. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  12. Harris, W.R., Jha, S., Reps, T.W., Anderson, J., Watson, R.N.M.: Declarative, temporal, and practical programming with capabilities. In: Proceedings of SP, pp. 18–32. IEEE Computer Society (2013)

    Google Scholar 

  13. Jamroga, W., Tabatabaei, M.: Strategic noninterference. In: Federrath, H., Gollmann, D. (eds.) SEC 2015. IFIP AICT, vol. 455, pp. 67–81. Springer, Heidelberg (2015). doi:10.1007/978-3-319-18467-8_5

    Chapter  Google Scholar 

  14. Levin, J.: In what city did you honeymoon? and other monstrously stupid bank security questions. Slate (2008)

    Google Scholar 

  15. Leyton-Brown, K., Shoham, Y.: Essentials of Game Theory: A Concise, Multidisciplinary Introduction. Morgan & Claypool (2008)

    Google Scholar 

  16. Li, P., Zdancewic, S.: Downgrading policies and relaxed noninterference. In: ACM SIGPLAN Notices, vol. 40, pp. 158–170. ACM (2005)

    Google Scholar 

  17. Malacaria, P., Hankin, C.: Non-deterministic games, program analysis: an application to security. In: Proceedings of LICS, pp. 443–452. IEEE Computer Society (1999)

    Google Scholar 

  18. McCullough, D.: Noninterference and the composability of security properties. In: Proceedings of S&P, pp. 177–186. IEEE (1988)

    Google Scholar 

  19. McIver, A., Morgan, C.: A probabilistic approach to information hiding. In: Programming Methodology, pp. 441–460 (2003)

    Google Scholar 

  20. McNaughton, R.: Testing and generating infinite sequences by a finite automaton. Inf. Control 9, 521–530 (1966)

    Article  MathSciNet  MATH  Google Scholar 

  21. Moore, T., Anderson, R.: Economics, internet security: a survey of recent analytical, empirical and behavioral research. Technical report TR-03-11, Computer Science Group, Harvard University (2011)

    Google Scholar 

  22. O’Halloran, C.: A calculus of information flow. In: Proceedings of ESORICS, pp. 147–159 (1990)

    Google Scholar 

  23. Di Pierro, A., Hankin, C., Wiklicky, H.: Approximate non-interference. J. Comput. Secur. 12(1), 37–81 (2004)

    Article  Google Scholar 

  24. Robinson, J.A.: A machine-oriented logic based on the resolution principle. J. ACM 12(1), 23–41 (1965)

    Article  MathSciNet  MATH  Google Scholar 

  25. Roscoe, A.W., Hoare, C.A.R., Bird, R.: The Theory and Practice of Concurrency. Prentice Hall PTR, Upper Saddle River (1997)

    Google Scholar 

  26. Sabelfeld, A., Sands, D.: Dimensions and principles of declassification. In: Proceedings of CSFW-18, pp. 255–269. IEEE Computer Society (2005)

    Google Scholar 

  27. Smith, G.: On the foundations of quantitative information flow. In: de Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  28. Sutherland, D.: A model of information. In: Proceedings of the 9th National Computer Security Conference, pp. 175–183 (1986)

    Google Scholar 

  29. Meyden, R., Zhang, C.: A comparison of semantic models for noninterference. Theoret. Comput. Sci. 411(47), 4123–4147 (2010)

    Article  MathSciNet  MATH  Google Scholar 

  30. Wittbold, J.T., Johnson, D.M.: Information flow in nondeterministic systems. In: IEEE Symposium on Security and Privacy, p. 144 (1990)

    Google Scholar 

  31. Zdancewic, S., Myers, A.C.: Observational determinism for concurrent program security. In: Proceedings of CSFW-16, pp. 29–43. IEEE Computer Society (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of Computer Science, Polish Academy of Sciences, Warszawa, Poland

    Wojciech Jamroga

  2. Interdisciplinary Centre for Security and Trust, University of Luxembourg, Luxembourg, Luxembourg

    Masoud Tabatabaei

Authors
  1. Wojciech Jamroga
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Masoud Tabatabaei
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Masoud Tabatabaei .

Editor information

Editors and Affiliations

  1. IMDEA Software Institute , Pozuelo de Alarcón, Madrid, Spain

    Gilles Barthe

  2. Dept Comp Sci, Vassilika Vouton, Univ of Crete Dept Comp Sci, Vassilika Vouton, Heraklion, Crete, Greece

    Evangelos Markatos

  3. Dipto di Informatica, Univ degli Studi di Milano Dipto di Informatica, Crema, Italy

    Pierangela Samarati

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Jamroga, W., Tabatabaei, M. (2016). Information Security as Strategic (In)effectivity. In: Barthe, G., Markatos, E., Samarati, P. (eds) Security and Trust Management. STM 2016. Lecture Notes in Computer Science(), vol 9871. Springer, Cham. https://doi.org/10.1007/978-3-319-46598-2_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-46598-2_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-46597-5

  • Online ISBN: 978-3-319-46598-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation