A Probabilistic Property-Specific Approach to Information Flow

  • Danièle Beauquier
  • Marie Duflot
  • Marius Minea
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3685)

Abstract

We study probabilistic information flow from a property-specific viewpoint. For a given property of interest, specified as a set of traces, we examine whether different low-level observations imply different probabilities for the occurrence of the property. Quantifying over all properties in a given class (e.g., high-level traces, or high-level sequences separated by low-level events), we obtain different notions of information flow. We give characterizations of systems that are secure according to these definitions. We consider both properties that are expressed over whole traces and those that distinguish between past and future given a reference point. In this framework, we can express several classical definitions of possibilistic security, as well as give a more detailed, quantitative measure of information flow.

Keywords

Abstraction Level; Security Property; Atomic Event; Probabilistic Tree; System Trace
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Danièle Beauquier (1)
  • Marie Duflot (1)
  • Marius Minea (2)
  1. University Paris 12, France
  2. Institute e-Austria Timişoara, Romania
