Noninterfering Schedulers

When Possibilistic Noninterference Implies Probabilistic Noninterference
  • Andrei Popescu
  • Johannes Hölzl
  • Tobias Nipkow
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8089)

Abstract

We develop a framework for expressing and analyzing the behavior of probabilistic schedulers. There, we define noninterfering schedulers by a probabilistic interpretation of Goguen and Meseguer’s seminal notion of noninterference. Noninterfering schedulers are proved to be safe in the following sense: if a multi-threaded program is possibilistically noninterfering, then it is also probabilistically noninterfering when run under this scheduler.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Agat, J.: Transforming out timing leaks. In: POPL, pp. 40–53 (2000)Google Scholar
  2. 2.
    Baier, C., Hermanns, H.: Weak bisimulation for fully probabilistic processes. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254, pp. 119–130. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  3. 3.
    Boudol, G., Castellani, I.: Noninterference for concurrent programs. In: Orejas, F., Spirakis, P.G., van Leeuwen, J. (eds.) ICALP 2001. LNCS, vol. 2076, pp. 382–395. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Boudol, G., Castellani, I.: Noninterference for concurrent programs and thread systems. Theoretical Computer Science 281(1-2), 109–130 (2002)MathSciNetMATHCrossRefGoogle Scholar
  5. 5.
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Symposium on Security and Privacy, pp. 11–20 (1982)Google Scholar
  6. 6.
    Kemeny, J.G., Snell, J.L., Knapp, A.W.: Denumerable Markov chains, 2nd edn. Springer (1976)Google Scholar
  7. 7.
    Mantel, H., Sabelfeld, A.: A generic approach to the security of multi-threaded programs. In: CSFW, pp. 200–214 (2001)Google Scholar
  8. 8.
    Mantel, H., Sands, D., Sudbrock, H.: Assumptions and guarantees for compositional noninterference. In: CSF 2001, pp. 218–232 (2011)Google Scholar
  9. 9.
    Mantel, H., Sudbrock, H.: Flexible scheduler-independent security. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 116–133. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Popescu, A., Hölzl, J., Nipkow, T.: Noninterfering schedulers—when posibilistic noninterference implies probabilistic noninterference. Technical report. Technische Universität München (2013), http://mediatum.ub.tum.de/?id=1159789
  11. 11.
    Popescu, A., Hölzl, J., Nipkow, T.: Proving concurrent noninterference. In: Hawblitzel, C., Miller, D. (eds.) CPP 2012. LNCS, vol. 7679, pp. 109–125. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  12. 12.
    Russo, A., Hughes, J., Naumann, D., Sabelfeld, A.: Closing internal timing channels by transformation. In: Okada, M., Satoh, I. (eds.) ASIAN 2006. LNCS, vol. 4435, pp. 120–135. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  13. 13.
    Russo, A., Sabelfeld, A.: Securing interaction between threads and the scheduler. In: IEEE Computer Security Foundations Workshop, pp. 177–189 (2006)Google Scholar
  14. 14.
    Russo, A., Sabelfeld, A.: Security for multithreaded programs under cooperative scheduling. In: Virbitskaite, I., Voronkov, A. (eds.) PSI 2006. LNCS, vol. 4378, pp. 474–480. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Sabelfeld, A.: Confidentiality for multithreaded programs via bisimulation. In: Broy, M., Zamulin, A.V. (eds.) PSI 2003. LNCS, vol. 2890, pp. 260–274. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1), 5–19 (2003)CrossRefGoogle Scholar
  17. 17.
    Sabelfeld, A., Sands, D.: Probabilistic noninterference for multi-threaded programs. In: IEEE Computer Security Foundations Workshop, pp. 200–214 (1999)Google Scholar
  18. 18.
    Smith, G.: Probabilistic noninterference through weak probabilistic bisimulation. In: IEEE Computer Security Foundations Workshop, pp. 3–13 (2003)Google Scholar
  19. 19.
    Smith, G.: Improved typings for probabilistic noninterference in a multi-threaded language. Journal of Computer Security 14(6), 591–623 (2006)Google Scholar
  20. 20.
    Smith, G., Volpano, D.: Secure information flow in a multi-threaded imperative language. In: ACM Symposium on Principles of Programming Languages, pp. 355–364 (1998)Google Scholar
  21. 21.
    Vardi, M.Y., Wolper, P.: An automata-theoretic approach to automatic program verification (preliminary report). In: LICS, pp. 332–344 (1986)Google Scholar
  22. 22.
    Volpano, D., Smith, G.: Probabilistic noninterference in a concurrent language. Journal of Computer Security 7(2-3), 231–253 (1999)Google Scholar
  23. 23.
    Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. Journal of Computer Security 4(2-3), 167–187 (1996)Google Scholar
  24. 24.
    Zdancewic, S., Myers, A.C.: Observational determinism for concurrent program security. In: IEEE Computer Security Foundations Workshop, pp. 29–43 (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Andrei Popescu
    • 1
  • Johannes Hölzl
    • 1
  • Tobias Nipkow
    • 1
  1. 1.Technische Universität MünchenGermany

Personalised recommendations