A Proof System for Information Flow Security

  • Annalisa Bossi
  • Riccardo Focardi
  • Carla Piazza
  • Sabina Rossi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2664)


Persistent_BNDC (P_BNDC, for short) is an information-flow security property for processes in dynamic contexts, i.e., contexts that can be reconfigured at runtime. Intuitively, P_BNDC requires that high level interactions never interfere with the low level behavior of the system, in every possible state. P_BNDC is verified by checking whether the system interacting with a high level component is bisimilar or not to the system in isolation. In this work we contribute to the verification of information-flow security in two respects: (i) we give an unwinding condition that allows us to express P_BNDC in terms of a local property on high level actions and (ii) we exploit this local property in order to define a proof system which provides a very efficient technique for the development and the verification of P_BNDC processes.


Proof System Security Property High Level Action Label Transition System Access Read 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    M. Abadi. Secrecy by Typing in Security Protocols. Journal of the ACM, 46(5):749–786, 1999.zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    C. Bodei, P. Degano, F. Nielson, and H. Nielson. Static analysis for the pi-calculus with applications to security. Information and Computation, 168(1):68–92, 2001.zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    A. Bossi, R. Focardi, C. Piazza, and S. Rossi. Transforming processes to ensure and check information flow security. In H. Kirchner and C. Ringeissen, editors, Int. Conference on Algebraic Methodology and Software Technology (AMAST’02), volume 2422 of LNCS, pages 271–286. Springer, 2002.CrossRefGoogle Scholar
  4. 4.
    A. Bouali and R. de Simone. Symbolic Bisimulation Minimization. In Proc. of Computer Aided Verification, volume 663 of LNCS, pages 96–108. Springer, 1992.Google Scholar
  5. 5.
    G. Boudol and I. Castellani. Non-Interference for Concurrent Programs. In Proc. of Int. Colloquium on Automata, Languages and Programming, volume 2076 of LNCS, pages 382–395. Springer, 2001.CrossRefGoogle Scholar
  6. 6.
    C. Braghin, A. Cortesi, and R. Focardi. Control Flow Analysis of Mobile Ambients with Security Boundaries. In Proc. of IFIPM Int. Conf. on Formal Methods for Open Object-Based Distributed Systems, pages 197–212. Kluwer, 2002.Google Scholar
  7. 7.
    A. Dovier, C. Piazza, and A. Policriti. A Fast Bisimulation Algorithm. In Proc. of Computer Aided Verification, volume 2102 of LNCS, pages 79–90. Springer, 2001.Google Scholar
  8. 8.
    N. A. Durgin, J. C. Mitchell, and D. Pavlovic. A Compositional Logic for Protocol Correctness. In Proc. of Computer Security Foundations Workshop. IEEE, 2001.Google Scholar
  9. 9.
    R. Focardi and R. Gorrieri. The Compositional Security Checker: A Tool for the Verification of Information Flow Security Properties. IEEE Transactions on Software Engineering, 23(9):550–571, 1997.CrossRefGoogle Scholar
  10. 10.
    R. Focardi and R. Gorrieri. Classification of Security Properties (Part I: Information Flow). In R. Focardi and R. Gorrieri, editors, Foundations of Security Analysis and Design, volume 2171 of LNCS. Springer, 2001.Google Scholar
  11. 11.
    R. Focardi and S. Rossi. Information Flow Security in Dynamic Contexts. In Proc. of 15th Computer Security Foundations Workshop, pages 307–319. IEEE, 2002.Google Scholar
  12. 12.
    J. A. Goguen and J. Meseguer. Security Policies and Security Models. In Proc. of the IEEE Symp. on Security and Privacy, pages 11–20. IEEE, 1982.Google Scholar
  13. 13.
    M. Hennessy and J. Riely. Information Flow vs. Resource Access in the Asynchronous Pi-Calculus. In Proc. of Int. Colloquium on Automata, Languages and Programming (ICALP’00), volume 1853 of LNCS, pages 415–427. Springer, 2000.CrossRefGoogle Scholar
  14. 14.
    D. Lee and M. Yannakakis. Online Minimization of Transition Systems. In Proc. of 24th Symp. on Theory of Computing, pages 264–274. ACM, 1992.Google Scholar
  15. 15.
    H. Mantel. Possibilistic Definitions of Security — An Assebly Kit-. In Proc. of the IEEE Symp. on Security and Privacy, pages 185–199. IEEE, 2000.Google Scholar
  16. 16.
    H. Mantel. Unwinding Possibilistic Security Properties. In Proc. of European Symp. on Research in Computer Security, volume 2895 of LNCS. Springer, 2000.Google Scholar
  17. 17.
    F. Martinelli. Partial Model Checking and Theorem Proving for Ensuring Security Properties. In Proc. Computer Security Foundations Workshop. IEEE, 1998.Google Scholar
  18. 18.
    D. McCullough. A Hookup Theorem for Multilevel Security. IEEE Transactions on Software Engineering, pages 563–568, June 1990.Google Scholar
  19. 19.
    J. McLean. A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions. In Proc. Symp. on Security and Privacy, pages 79–93, 1994.Google Scholar
  20. 20.
    J. K. Millen. Unwinding Forward Correctability. In Proc. of 7th Computer Security Foundations Workshop, pages 2–10. IEEE, 1994.Google Scholar
  21. 21.
    R. Milner. Communication and Concurrency. Prentice-Hall, 1989.Google Scholar
  22. 22.
    R. Paige and R. E. Tarjan. Three Partition Refinement Algorithms. SIAM Journal on Computing, 16(6):973–989, 1987.zbMATHCrossRefMathSciNetGoogle Scholar
  23. 23.
    L. C. Paulson. Proving Properties of Security Protocols by Induction. In Proc. of 10th Computer Security Foundations Workshop, pages 70–83. IEEE, 1997.Google Scholar
  24. 24.
    J. Rushby. Noninterference, Transitivity, and Channel-Control Security Policies. Technical Report Technical Report CSL-92-02, SRI International, December 1992.Google Scholar
  25. 25.
    A. Sabelfeld and D. Sands. Probabilistic Noninterference for Multi-threaded Programs. In Proc. of Computer Security Foundations Workshop. IEEE, 2000.Google Scholar
  26. 26.
    S. Schneider. Verifying Authentication Protocols in CSP. IEEE Transactions on Software Engineering, 24(9), 1998.Google Scholar
  27. 27.
    V. Shmatikov and J. C. Mitchell. Analysis of a Fair Exchange Protocol. In Proc. of 7th Annual Symp. on Network and Distributed System Security, pages 119–128. Internet Society, 2000.Google Scholar
  28. 28.
    G. Smith and D. M. Volpano. Secure Information Flow in a Multi-threaded Imperative Language. In Proc. of 25th Symp. on Principles of Programming Languages, pages 355–364. ACM, 1998.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Annalisa Bossi
    • 1
  • Riccardo Focardi
    • 1
  • Carla Piazza
    • 1
  • Sabina Rossi
    • 1
  1. 1.Dipartimento di InformaticaUniversità Ca’ Foscari di VeneziaItaly

Personalised recommendations