Noninterfering Schedulers

When Possibilistic Noninterference Implies Probabilistic Noninterference
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8089)


We develop a framework for expressing and analyzing the behavior of probabilistic schedulers. There, we define noninterfering schedulers by a probabilistic interpretation of Goguen and Meseguer’s seminal notion of noninterference. Noninterfering schedulers are proved to be safe in the following sense: if a multi-threaded program is possibilistically noninterfering, then it is also probabilistically noninterfering when run under this scheduler.


Operational Semantic Linear Temporal Logic Rich History Linear Temporal Logic Formula Multithreaded Program 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Agat, J.: Transforming out timing leaks. In: POPL, pp. 40–53 (2000)Google Scholar
  2. 2.
    Baier, C., Hermanns, H.: Weak bisimulation for fully probabilistic processes. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254, pp. 119–130. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  3. 3.
    Boudol, G., Castellani, I.: Noninterference for concurrent programs. In: Orejas, F., Spirakis, P.G., van Leeuwen, J. (eds.) ICALP 2001. LNCS, vol. 2076, pp. 382–395. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Boudol, G., Castellani, I.: Noninterference for concurrent programs and thread systems. Theoretical Computer Science 281(1-2), 109–130 (2002)MathSciNetzbMATHCrossRefGoogle Scholar
  5. 5.
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Symposium on Security and Privacy, pp. 11–20 (1982)Google Scholar
  6. 6.
    Kemeny, J.G., Snell, J.L., Knapp, A.W.: Denumerable Markov chains, 2nd edn. Springer (1976)Google Scholar
  7. 7.
    Mantel, H., Sabelfeld, A.: A generic approach to the security of multi-threaded programs. In: CSFW, pp. 200–214 (2001)Google Scholar
  8. 8.
    Mantel, H., Sands, D., Sudbrock, H.: Assumptions and guarantees for compositional noninterference. In: CSF 2001, pp. 218–232 (2011)Google Scholar
  9. 9.
    Mantel, H., Sudbrock, H.: Flexible scheduler-independent security. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 116–133. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Popescu, A., Hölzl, J., Nipkow, T.: Noninterfering schedulers—when posibilistic noninterference implies probabilistic noninterference. Technical report. Technische Universität München (2013),
  11. 11.
    Popescu, A., Hölzl, J., Nipkow, T.: Proving concurrent noninterference. In: Hawblitzel, C., Miller, D. (eds.) CPP 2012. LNCS, vol. 7679, pp. 109–125. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  12. 12.
    Russo, A., Hughes, J., Naumann, D., Sabelfeld, A.: Closing internal timing channels by transformation. In: Okada, M., Satoh, I. (eds.) ASIAN 2006. LNCS, vol. 4435, pp. 120–135. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  13. 13.
    Russo, A., Sabelfeld, A.: Securing interaction between threads and the scheduler. In: IEEE Computer Security Foundations Workshop, pp. 177–189 (2006)Google Scholar
  14. 14.
    Russo, A., Sabelfeld, A.: Security for multithreaded programs under cooperative scheduling. In: Virbitskaite, I., Voronkov, A. (eds.) PSI 2006. LNCS, vol. 4378, pp. 474–480. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Sabelfeld, A.: Confidentiality for multithreaded programs via bisimulation. In: Broy, M., Zamulin, A.V. (eds.) PSI 2003. LNCS, vol. 2890, pp. 260–274. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1), 5–19 (2003)CrossRefGoogle Scholar
  17. 17.
    Sabelfeld, A., Sands, D.: Probabilistic noninterference for multi-threaded programs. In: IEEE Computer Security Foundations Workshop, pp. 200–214 (1999)Google Scholar
  18. 18.
    Smith, G.: Probabilistic noninterference through weak probabilistic bisimulation. In: IEEE Computer Security Foundations Workshop, pp. 3–13 (2003)Google Scholar
  19. 19.
    Smith, G.: Improved typings for probabilistic noninterference in a multi-threaded language. Journal of Computer Security 14(6), 591–623 (2006)Google Scholar
  20. 20.
    Smith, G., Volpano, D.: Secure information flow in a multi-threaded imperative language. In: ACM Symposium on Principles of Programming Languages, pp. 355–364 (1998)Google Scholar
  21. 21.
    Vardi, M.Y., Wolper, P.: An automata-theoretic approach to automatic program verification (preliminary report). In: LICS, pp. 332–344 (1986)Google Scholar
  22. 22.
    Volpano, D., Smith, G.: Probabilistic noninterference in a concurrent language. Journal of Computer Security 7(2-3), 231–253 (1999)Google Scholar
  23. 23.
    Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. Journal of Computer Security 4(2-3), 167–187 (1996)Google Scholar
  24. 24.
    Zdancewic, S., Myers, A.C.: Observational determinism for concurrent program security. In: IEEE Computer Security Foundations Workshop, pp. 29–43 (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  1. 1.Technische Universität MünchenGermany

Personalised recommendations