Coinductive Unwinding of Security-Relevant Hyperproperties
Unwinding relations have been widely used to prove that finite systems are secure with respect to a variety of noninterference policies. The latter are prominent instances of security-relevant hyperproperties. As hyperproperties are defined on potentially infinite systems, a new mathematical development is needed in order to (re)use unwinding relations for generic verification of security-relevant hyperproperties. In this paper we propose a framework for coinductive unwinding of security-relevant hyperproperties. To illustrate the usefulness of the framework, we show that Mantel's Basic Security Predicates (BSPs), the noninterference policies they compose, as well as their respective unwinding relations, have a meaningful coinductive reinterpretation. We prove that in a number of cases the coinductive variants of the unwinding relations imply the respective coinductive variants of the BSPs. Moreover, the latter can be used to compose high-level security-relevant hyperproperties for both finite and infinite systems. A number of the unwinding theorems also hold as expected. In conclusion, the proposed framework and results are useful both theoretically, in the study of hyperproperties, and in practice, for the verification of hyperproperties on potentially infinite systems.
Keywords: IEEE Computer Society, Security Policy, Execution Trace, Covert Channel, Simulation Relation