Formalizing Probabilistic Noninterference

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8307)


We present an Isabelle formalization of probabilistic noninterference for a multi-threaded language with uniform scheduling. Unlike in previous settings from the literature, here probabilistic behavior comes from both the scheduler and the individual threads, making the language more realistic and the mathematics more challenging. We study resumption-based and trace-based notions of probabilistic noninterference and their relationship, and also discuss compositionality w.r.t. the language constructs and type-system-like syntactic criteria. The formalization uses recent development in the Isabelle probability theory library.


Parallel Composition Concrete Syntax Language Construct Compositionality Fact Thread Pool 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    The POPLmark challenge (2009),
  2. 2.
    Audebaud, P., Paulin-Mohring, C.: Proofs of randomized algorithms in Coq. S. of Comp. Prog. 74(8), 568–589 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Barthe, G., D’Argenio, P.R., Rezk, T.: Secure information flow by self-composition. In: CSFW, pp. 100–114 (2004)Google Scholar
  4. 4.
    Barthe, G., Daubignard, M., Kapron, B.M., Lakhnech, Y.: Computational indistinguishability logic. In: CCS, pp. 375–386 (2010)Google Scholar
  5. 5.
    Barthe, G., Grégoire, B., Béguelin, S.Z.: Formal certification of code-based cryptographic proofs. In: POPL, pp. 90–101 (2009)Google Scholar
  6. 6.
    Barthe, G., Nieto, L.P.: Formally verifying information flow type systems for concurrent and thread systems. In: FMSE, pp. 13–22 (2004)Google Scholar
  7. 7.
    Boudol, G.: On typing information flow. In: Van Hung, D., Wirsing, M. (eds.) ICTAC 2005. LNCS, vol. 3722, pp. 366–380. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Boudol, G., Castellani, I.: Noninterference for concurrent programs and thread systems. Theoretical Computer Science 281(1-2), 109–130 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Cock, D.: Verifying probabilistic correctness in Isabelle with pGCL. In: SSV, pp. 167–178 (2012)Google Scholar
  10. 10.
    Cock, D.: Practical probability: Applying pGCL to lattice scheduling. In: Blazy, S., Paulin-Mohring, C., Pichardie, D. (eds.) ITP 2013. LNCS, vol. 7998, pp. 311–327. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  11. 11.
    Hölzl, J.: Analyzing discrete-time Markov chains with countable state space in Isabelle/HOL. Draft,
  12. 12.
    Hölzl, J., Nipkow, T.: Verifying pCTL model checking. In: Flanagan, C., König, B. (eds.) TACAS 2012. LNCS, vol. 7214, pp. 347–361. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  13. 13.
    Hurd, J., McIver, A., Morgan, C.: Probabilistic guarded commands mechanized in HOL. Theor. Comput. Sci. 346(1) (2005)Google Scholar
  14. 14.
    Kammüller, F., Wenzel, M., Paulson, L.C.: Locales - a sectioning concept for Isabelle. In: Bertot, Y., Dowek, G., Hirschowitz, A., Paulin, C., Théry, L. (eds.) TPHOLs 1999. LNCS, vol. 1690, pp. 149–166. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  15. 15.
    Kemeny, J.G., Snell, J.L., Knapp, A.W.: Denumerable Markov chains, 2nd edn. Springer (1976)Google Scholar
  16. 16.
    Larsen, K.G., Skou, A.: Bisimulation through probabilistic testing. Information and Computation 94(1), 1–28 (1991)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Mantel, H.: A uniform framework for the specification and verification of security properties. Ph.D. thesis, Univ. of Saarbrücken (2003)Google Scholar
  18. 18.
    Mantel, H., Sudbrock, H.: Flexible scheduler-independent security. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 116–133. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    McIver, A., Morgan, C.: Abstraction, Refinement and Proof for Probabilistic Systems. Springer (2005)Google Scholar
  20. 20.
    Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle/HOL: A Proof Assistant for Higher-order Logic. LNCS, vol. 2283. Springer, Heidelberg (2002)Google Scholar
  21. 21.
    Paulson, L.C., Blanchette, J.C.: Three years of experience with Sledgehammer, a practical link between automatic and interactive theorem provers. In: IWIL (2010)Google Scholar
  22. 22.
    Popescu, A., Hölzl, J.: Formal development associated with this paper, (to appear in the Archive of Formal Proofs, 2013)
  23. 23.
    Popescu, A., Hölzl, J., Nipkow, T.: Proving concurrent noninterference. In: Hawblitzel, C., Miller, D. (eds.) CPP 2012. LNCS, vol. 7679, pp. 109–125. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  24. 24.
    Popescu, A., Hölzl, J., Nipkow, T.: Noninterfering schedulers - when possibilistic noninterference implies probabilistic noninterference. In: CALCO, pp. 236–252 (2013)Google Scholar
  25. 25.
    Sabelfeld, A.: Confidentiality for multithreaded programs via bisimulation. In: Broy, M., Zamulin, A.V. (eds.) PSI 2003. LNCS, vol. 2890, pp. 260–274. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  26. 26.
    Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1), 5–19 (2003)CrossRefGoogle Scholar
  27. 27.
    Sabelfeld, A., Sands, D.: Probabilistic noninterference for multi-threaded programs. In: CSFW, pp. 200–214 (2000)Google Scholar
  28. 28.
    Smith, G.: A new type system for secure information flow. In: CSFW, pp. 115–125 (2001)Google Scholar
  29. 29.
    Smith, G.: Probabilistic noninterference through weak probabilistic bisimulation. In: CSFW, pp. 3–13 (2003)Google Scholar
  30. 30.
    Smith, G.: Improved typings for probabilistic noninterference in a multi-threaded language. Journal of Computer Security 14(6), 591–623 (2006)Google Scholar
  31. 31.
    Smith, G., Volpano, D.: Secure information flow in a multi-threaded imperative language. In: POPL, pp. 355–364 (1998)Google Scholar
  32. 32.
    Volpano, D., Smith, G.: Probabilistic noninterference in a concurrent language. Journal of Computer Security 7(2,3), 231–253 (1999)Google Scholar
  33. 33.
    Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. Journal of Computer Security 4(2,3), 167–187 (1996)Google Scholar
  34. 34.
    Zdancewic, S., Myers, A.C.: Observational determinism for concurrent program security. In: CSFW, pp. 29–43 (2003)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  1. 1.Technische Universität MünchenGermany
  2. 2.Institute of Mathematics Simion Stoilow of the Romanian AcademyRomania

Personalised recommendations