Coinductive Unwinding of Security-Relevant Hyperproperties

  • Dimiter Milushev
  • Dave Clarke
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7617)


Unwinding relations have been widely used to prove that finite systems are secure with respect to a variety of noninterference policies. The latter are prominent instances of security-relevant hyperproperties. As hyperproperties are defined on potentially infinite systems, a new mathematical development is needed in order to (re)use unwinding relations for generic verification of security-relevant hyperproperties. In this paper we propose a framework for coinductive unwinding of security relevant hyperproperties. To illustrate the usefulness of the framework, we show that Mantel’s Basic Security Predicates (BSPs), the noninterference policies they compose, as well as their respective unwinding relations, have a meaningful coinductive reinterpretation. We prove that in a number of cases the coinductive variants of the unwinding relations imply the respective coinductive variants of the BSPs. Moreover, the latter can be used to compose high-level security-relevant hyperproperties for both finite and infinite systems. A number of the unwinding theorems also hold as expected. In conclusion, the proposed framework and results are useful both theoretically in the study of hyperproperties and in practice for verification of hyperproperties on potentially infinite systems.


IEEE Computer Society Security Policy Execution Trace Covert Channel Simulation Relation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bohannon, A., Pierce, B.C., Sjöberg, V., Weirich, S., Zdancewic, S.: Reactive noninterference. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 79–90. ACM Press, New York (2009)CrossRefGoogle Scholar
  2. 2.
    Clarkson, M.R., Schneider, F.B.: Hyperproperties. In: CSF 2008: Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium, pp. 51–65. IEEE Computer Society Press, Washington, DC (2008)CrossRefGoogle Scholar
  3. 3.
    Goguen, J.A., Meseguer, J.: Unwinding and Inference Control. In: IEEE Symposium on Security and Privacy, pp. 75–86 (1984)Google Scholar
  4. 4.
    Guttman, J.D., Nadel, M.E.: What Needs Securing? In: Proceedings of the IEEE Computer Security Foundations Workshop, pp. 34–57 (1988)Google Scholar
  5. 5.
    Haigh, J.T., Young, W.D.: Extending the Noninterference Version of MLS for SAT. IEEE Transactions on Software Engineering 13(2), 141–150 (1987)CrossRefGoogle Scholar
  6. 6.
    Johnson, D.M., Thayer, J.F.: Security and the Composition of Machines. In: Proceedings of the IEEE Computer Security Foundations Workshop, pp. 72–89 (1988)Google Scholar
  7. 7.
    Mantel, H.: Possibilistic Definitions of Security - An Assembly Kit. In: Proceedings of the 13th IEEE Workshop on Computer Security Foundations, pp. 185–199. IEEE Computer Society, Washington, DC (2000)CrossRefGoogle Scholar
  8. 8.
    Mantel, H.: A Uniform Framework for the Formal Specification and Verification of Information Flow Security. PhD thesis, Universität des Saarlandes, Saarbrücken, Germany (July 2003)Google Scholar
  9. 9.
    McCullough, D.: Specifications for Multi-Level Security and a Hook-Up. In: IEEE Symposium on Security and Privacy, pp. 161–166 (1987)Google Scholar
  10. 10.
    Jonathan Millen. Unwinding Forward Correctability. In: Proceedings of the Computer Security Foundations Workshop, pp. 2–10. IEEE (1994)Google Scholar
  11. 11.
    Milushev, D., Clarke, D.: Coinductive unwinding of security-relevant hyperproperties: extended version. Technical Report CW 623, Katholieke Universiteit Leuven (August 2012)Google Scholar
  12. 12.
    Milushev, D., Clarke, D.: Towards Incrementalization of Holistic Hyperproperties. In: Degano, P., Guttman, J.D. (eds.) POST 2012. LNCS, vol. 7215, pp. 329–348. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  13. 13.
    Rushby, J.: Noninterference, Transitivity and Channel-Control Security Policies. Technical Report CSL-92-02, SRI InternationalGoogle Scholar
  14. 14.
    Rutten, J.J.M.M.: Automata and Coinduction (An Exercise in Coalgebra). In: Sangiorgi, D., de Simone, R. (eds.) CONCUR 1998. LNCS, vol. 1466, pp. 194–218. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  15. 15.
    Ryan, P.Y.A.: A CSP formulation of non-interference and unwinding. In: Cipher: IEEE Computer Society Technical Committee Newsletter on Security & Privacy, pp. 19–30 (March 1991)Google Scholar
  16. 16.
    Ryan, P.Y.A., Schneider, S.A.: Process Algebra and Non-Interference. Journal of Computer Security 9(1/2), 75–103 (2001)Google Scholar
  17. 17.
    Zakinthinos, A., Lee, E.S.: A general theory of security properties. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy, SP 1997, pp. 94–102. IEEE Computer Society, Washington, DC (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Dimiter Milushev
    • 1
  • Dave Clarke
    • 1
  1. 1.IBBT-DistriNetKU LeuvenHeverleeBelgium

Personalised recommendations