The Shadow Knows: Refinement of Ignorance in Sequential Programs

  • Carroll Morgan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4014)


Separating sequential-program state into “visible” and “hidden” parts facilitates reasoning about knowledge, security and privacy: applications include zero-knowledge protocols, and security contexts with hidden “high-security” state and visible “low-security” state. A rigorous definition of how specifications relate to implementations, as part of that reasoning, must ensure that implementations reveal no more than their specifications: they must, in effect, preserve ignorance.

We propose just such a definition – a relation of ignorance-preserving refinement – between specifications and implementations of sequential programs. Its purpose is to enable a development-by-refinement methodology for applications like those above.

Since preserving ignorance is an extra obligation, the proposed refinement relation restricts (rather than extends) the usual. We suggest general principles for restriction, and we give specific examples of them.

To argue that we do not restrict too much – for “no refinements allowed at all” is trivially ignorance-preserving – we derive The Dining Cryptographers protocol via a program algebra based on the restricted refinement relation. It is also a motivating case study, as it has never before (we believe) been treated refinement-algebraically.

In passing, we discuss – and solve – the Refinement Paradox.


Keywords: Multiagent System; Hide Variable; Operational Semantic; Sequential Program; Kripke Model
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Carroll Morgan, Dept. of Computer Science and Engineering, University of New South Wales, Sydney, Australia
