Advertisement

A Formal Framework for Confidentiality-Preserving Refinement

  • Thomas Santen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4189)

Abstract

Based on a system model consisting of processes describing the machine, the honest users and the adversary, this paper introduces an abstract framework of refinement relations preserving existential confidentiality properties for nondeterministic, probabilistic systems. It allows a refinement step to trade functionality between the machine and its environment, thus shifting the conceptual boundary between machine and environment. A refinement also permits the realization to extend the observational means of an adversary. A confidentiality-preserving refinement relation is defined in terms of another, more basic relation that considers deterministic probabilistic processes. An instantiation with an entropy-based confidentiality property illustrates the use of this framework. The relationship to other concepts of secure refinement, in particular to reactive simulatability, is discussed.

Keywords

IEEE Computer Society IEEE Symposium Probabilistic Choice Formal Framework Indistinguishability Class 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Abrial, J.-R.: The B-Book: Assigning programs to meanings. Cambridge University Press, Cambridge (1996)MATHCrossRefGoogle Scholar
  2. 2.
    Backes, M., Pfitzmann, B., Waidner, M.: A composable cryptographic library with nested operations (extended abstract). In: Proc. 10th ACM Conference on Computer and Communications Security, pp. 220–230 (2003)Google Scholar
  3. 3.
    Backes, M., Pfitzmann, B., Waidner, M.: Secure asynchronous reactive systems. IACR ePrint Archive (March 2004), Online available at: http://eprint.iacr.org/2004/082.ps
  4. 4.
    Behm, P., Benoit, P., Faivre, A., Meynadier, J.-M.: Météor: A successful application of B in a large project. In: Wing, J.M., Woodcock, J.C.P., Davies, J. (eds.) FM 1999. LNCS, vol. 1708, pp. 369–387. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  5. 5.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proc. 42nd IEEE Symposium on Foundations of Computer Science, pp. 136–145 (2001)Google Scholar
  6. 6.
    Ciesinski, F., Größer, M.: On probabilistic computation tree logic. In: Baier, C., Haverkort, B.R., Hermanns, H., Katoen, J.-P., Siegle, M. (eds.) Validation of Stochastic Systems. LNCS, vol. 2925, pp. 147–188. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. 7.
    Derrick, J., Boiten, E.: Refinement in Z and Object-Z. Springer, London (2001)MATHGoogle Scholar
  8. 8.
    Graham-Cumming, J., Sanders, J.W.: On the refinement of non-interference. In: 9th IEEE Computer Security Foundations Workshop, pp. 35–42. IEEE Computer Society Press, Los Alamitos (1991)CrossRefGoogle Scholar
  9. 9.
    Gray III, J.W.: Toward a mathematical foundation for information flow security. Journal of Computer Security, 255–294 (1992)Google Scholar
  10. 10.
    Heisel, M., Pfitzmann, A., Santen, T.: Confidentiality-preserving refinement. In: 14th IEEE Computer Security Foundations Workshop, pp. 295–305. IEEE Computer Society Press, Los Alamitos (2001)CrossRefGoogle Scholar
  11. 11.
    Hoare, C.A.R.: Proof of correctness of data representations. Acta Informatica 1, 271–281 (1972)MATHCrossRefGoogle Scholar
  12. 12.
    Jacob, J.: On the derivation of secure components. In: IEEE Symposium on Security and Privacy, pp. 242–247. IEEE Press, Los Alamitos (1989)CrossRefGoogle Scholar
  13. 13.
    Jones, C.B.: Systematic Software Development using VDM, 2nd edn. Prentice-Hall, Englewood Cliffs (1990)MATHGoogle Scholar
  14. 14.
    Jürjens, J.: Secrecy-preserving refinement. In: Oliveira, J.N., Zave, P. (eds.) FME 2001. LNCS, vol. 2021, pp. 135–152. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Liskov, B., Wing, J.: A behavioral notion of subtyping. ACM Transactions on Programming Languages and Systems 16(6), 1811–1841 (1994)CrossRefGoogle Scholar
  16. 16.
    Lowe, G.: Quantifying information flow. In: 15th IEEE Computer Security Foundations Workshop, pp. 18–31. IEEE Computer Society, Los Alamitos (2002)Google Scholar
  17. 17.
    MacKay, D.: Information Theory, Inference, and Learning Algorithms. Cambridge University Press, Cambridge (2003)MATHGoogle Scholar
  18. 18.
    Mantel, H.: Preserving information flow properties under refinement. In: IEEE Symposium on Security and Privacy, pp. 78–91. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  19. 19.
    Mantel, H.: A Uniform Framework for the Formal Specification and Verification of Information Flow Security. PhD thesis, Universität des Saarlandes (2003)Google Scholar
  20. 20.
    McLean, J.: A general theory of composition for a class of “possibilistic” properties. IEEE Transactions on Software Engineering 22(1), 53–67 (1996)CrossRefGoogle Scholar
  21. 21.
    Meyer, B.: Applying “design by contract”. IEEE Computer, 40–51 (October 1992)Google Scholar
  22. 22.
    Morgan, C., McIver, A., Seidel, K., Sanders, J.W.: Refinement-oriented probability for CSP. Formal Aspects of Computing 8(6), 617–647 (1996)MATHCrossRefGoogle Scholar
  23. 23.
    Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: IEEE Symposium on Security and Privacy, pp. 184–201. IEEE Computer Society, Los Alamitos (2001)Google Scholar
  24. 24.
    Roscoe, A.W.: CSP and determinism in security modelling. In: Proc. IEEE Symposium on Security and Privacy, pp. 114–127. IEEE Computer Society Press, Los Alamitos (1995)Google Scholar
  25. 25.
    Roscoe, A.W.: The Theory and Practice of Concurrency. Prentice-Hall, Englewood Cliffs (1998)Google Scholar
  26. 26.
    Roscoe, A.W., Woodcock, J.C.P., Wulf, L.: Non-interference through determinism. In: Gollmann, D. (ed.) ESORICS 1994. LNCS, vol. 875, pp. 33–53. Springer, Heidelberg (1994)Google Scholar
  27. 27.
    Ryan, P.Y.A., Schneider, S.A.: Process algebra and non-interference. In: 12th IEEE Computer Security Foundations Workshop, pp. 214–227. IEEE Computer Society, Los Alamitos (1999)CrossRefGoogle Scholar
  28. 28.
    Santen, T.: Probabilistic confidentiality properties based on indistinguishability. In: Federrath, H. (ed.) Proc. Sicherheit 2005 – Schutz und Zuverlässigkeit, Gesellschaft für Informatik. Lecture Notes in Informatics, pp. 113–124 (2005)Google Scholar
  29. 29.
    Santen, T., Heisel, M., Pfitzmann, A.: Confidentiality-preserving refinement is compositional - sometimes. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 194–211. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  30. 30.
    Segala, R., Lynch, N.: Probabilistic simulations for probabilistic processes. Nordic Journal of Computing 2(2), 250–273 (1995)MATHMathSciNetGoogle Scholar
  31. 31.
    Zakinthinos, A., Lee, E.S.: A general theory of security properties. In: Proc. IEEE Symposium on Security and Privacy, pp. 94–102 (1997)Google Scholar
  32. 32.
    Zave, P., Jackson, M.: Four dark corners of requirements engineering. ACM Transactions on Software Engineering and Methodology 6(1), 1–30 (1997)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Thomas Santen
    • 1
  1. 1.Institut für Softwaretechnik und Theoretische InformatikTechnische Universität BerlinGermany

Personalised recommendations