Secure Information Flow for Concurrent Processes

  • Jan Jürjens
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1877)


Information flow security is that aspect of computer security concerned with how confidential information is allowed to flow through a computer system. This is especially subtle when considering processes that are executed concurrently. We consider the notion of Probabilistic Noninterference (PNI) proposed in the literature to ensure secure information flow in concurrent processes. In the setting of a model of probabilistic dataflow, we provide a number of important results towards simplified verification that suggest relevance in the interaction of probabilistic processes outside this particular framework:

PNI is shown to be compositional by casting it into a rely-guarantee framework, where the proof yields a more general Inductive Compositionality Principle. We deliver a considerably simplified criterion equivalent to PNI by “factoring out” the probabilistic behaviour of the environment. We show that the simpler nonprobabilistic notion of Nondeducibility-on-Strategies proposed in the literature is an instantiation of PNI, allowing us to extend our results to it.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Abr99.
    S. Abramsky. A note on reactive refinement, 1999. Manuscript.Google Scholar
  2. AHKV98.
    Rajeev Alur, Thomas A. Henzinger, Orna Kupferman, and Moshe Vardi. Alternating refinement relations. In CONCUR’98, volume 1466 of Lecture Notes in Computer Science, pages 163–178. Springer Verlag, 1998.Google Scholar
  3. AL93.
    M. Abadi and Leslie Lamport. Composing specifications. ACM Transactions on Programming Languages and Systems 15, 1:73–132, January 1993.Google Scholar
  4. AR00.
    M. Abadi and P. Rogaway. Reconciling two views of cryptography (invited lecture). In TCS 2000, August 2000.Google Scholar
  5. dAKN+00._L. de Alfaro, M. Kwiatkowska, G. Norman, D. Parker, and R. Segala. Symbolic model checking of concurrent probabilistic processes using MTBDDs and the Kronecker representation. In TACAS’2000, Lecture Notes in Computer Science, January 2000.Google Scholar
  6. DGJP99.
    J. Desharnais, V. Gupta, R. Jagadeesan, and P. Panagaden. Metrics for labeled markov systems. In CONCUR, 1999.Google Scholar
  7. DS99.
    Bruno Dutertre and Victoria Stavridou. A model of noninterference for integrating mixed-criticality software components. In DCCA-7, Seventh IFIP International Working Conference on Dependable Computing for Critical Applications, San Jose, CA, January 1999.Google Scholar
  8. Dut99.
    B. Dutertre. State of the art in secure noninterference, 1999. Manuscript.Google Scholar
  9. FG94.
    R. Focardi and R. Gorrieri. A classification of security properties for process algebra. J. Computer Security, 3(1):5–33, 1994.Google Scholar
  10. FG97.
    R. Focardi and R. Gorrieri. The compositional security checker: A tool for the verification of information flow security properties. IEEE Transaction of Software Engineering, 23(9), September 1997.Google Scholar
  11. Foc96.
    R. Focardi. Comparing two information flow security properties. In Proceeding of the 9th IEEE Computer Security Foundation Workshop, pages 116–122, June 1996.Google Scholar
  12. GM82.
    J. Goguen and J. Meseguer. Security policies and security models. In Proceedings of the 1982 Symposium on Security and Privacy, pages 11–20. IEEE Computer Society, 1982.Google Scholar
  13. Gra92.
    J. W. Gray. Toward A Mathematical Foundation for Information Flow Security. Journal of Computer Security, 3–4(1):255–294, 1992.Google Scholar
  14. Jon87.
    B. Jonsson. Compositional Verification of Distributed Systems. PhD thesis, Department of Computer Systems, Uppsala University, 1987. Tech. Rep. DoCS 87/09.Google Scholar
  15. Jür00.
    J. Jürjens. Verification of probabilistic secure information flow, 2000. submitted.Google Scholar
  16. Low99.
    Gavin Lowe. Defining information flow. Technical report, Department of Mathematics and Computer Science Technical Report 1999/3, University of Leicester, 1999.Google Scholar
  17. McL90.
    J. McLean. Security Models and Information Flow. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 180–187, Oakland, CA, May 1990.Google Scholar
  18. McL94.
    J. McLean. Security models. In John Marciniak, editor, Encyclopedia of Software Engineering. Wiley & Sons, Inc., 1994.Google Scholar
  19. McL96.
    John D. McLean. A general theory of composition for a class of ”possibilistic” properties. IEEE Transactions on Software Engineering, 22(1):53–67, January 1996.Google Scholar
  20. RG99.
    A. Roscoe and M. Goldsmith. What is intransitive noninterference? In Proceedings of the Computer Security Foundations Workshop of the IEEE Computer Society (CSFW), 1999.Google Scholar
  21. Ros95.
    A.W. Roscoe. CSP and determinism in security modelling. In Proceedings of the 1995 IEEE Symposium on Security and Privacy, 1995.Google Scholar
  22. RS99.
    P. Ryan and S. Schneider. Process algebra and non-interference. In Proceedings of the 12 th Computer Security Foundations Workshop of the IEEE Computer Society (CSFW 12), 1999.Google Scholar
  23. RWW94.
    A. Roscoe, J. Woodcock, and L. Wulf. Non-interference through determinism. In ESORICS, 1994.Google Scholar
  24. Sha58.
    C. Shannon. Channels with side information at the transmitter. IBM Journal of Research and Development, 2:289–293, 1958.MathSciNetCrossRefGoogle Scholar
  25. WJ90.
    J. T. Wittbold and D. M. Johnson. Information Flow in Nondeterministic Systems. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 144–161, Oakland, CA, May 1990.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Jan Jürjens
    • 1
  1. 1.LFCS, Division of InformaticsUniversity of EdinburghEdinburghGB

Personalised recommendations