Abstract
This paper presents an approach for extending the Circus formalism to accommodate information flow security concerns. Working with the semantics of Circus, we introduce a notation for specifying which aspects of Circus processes are confidential and should not be revealed to low-level users. We also describe a novel procedure for verifying that a process satisfies its confidentiality properties.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
McLean, J.: Security models. In: Marciniak, J. (ed.) Encyclopedia of Software Engineering, vol. 2, pp. 1136–1145. John Wiley & Sons, Inc., Chichester (1994)
Ryan, P.: Mathematical models of computer security. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 1–62. Springer, Heidelberg (2001)
Cavalcanti, A., Sampaio, A., Woodcock, J.: A refinement strategy for Circus. Formal Aspects of Computing 15(2-3), 146–181 (2003)
Oliveira, M.V.: Formal Derivation of State-Rich Reactive Programs using Circus. PhD thesis, Department of Computer Science, University of York (2005)
Oliveira, M., Cavalcanti, A., Woodcock, J.: A UTP semantics for Circus. Formal Aspects of Computing 21(1), 3–32 (2009)
Hoare, C.A.R., He, J.: Unifying Theories of Programming. International Series in Computer Science. Prentice Hall Inc., Englewood Cliffs (1998)
Seehusen, F., Stølen, K.: Information flow security, abstraction and composition. IET Information Security 3(1), 9–33 (2009)
Banks, M.J., Jacob, J.L.: Unifying theories of confidentiality. In: Qin, S. (ed.) UTP 2010. LNCS, vol. 6445, pp. 120–136. Springer, Heidelberg (2010)
Jacob, J.L.: On the derivation of secure components. In: Proceedings of the 1989 IEEE Symposium on Security and Privacy, pp. 242–247. IEEE Computer Society, Los Alamitos (1989)
Jacob, J.L.: Security specifications. In: Proceedings of the 1988 IEEE Symposium on Security and Privacy, pp. 14–23 (1988)
Mantel, H.: A Uniform Framework for the Formal Specification and Verification of Information Flow Security. PhD thesis, Universität Saarbrücken (July 2003)
Goguen, J.A., Meseguer, J.: Unwinding and inference control. In: Proceedings of the 1984 IEEE Symposium on Security and Privacy, pp. 75–86. IEEE Computer Society, Los Alamitos (1984)
Morgan, C.: The shadow knows: Refinement and security in sequential programs. Science of Computer Programming 74(8), 629–653 (2009)
Morgan, C.: Compositional noninterference from first principles. Formal Aspects of Computing (to appear)
Clark, J.A., Stepney, S., Chivers, H.: Breaking the model: Finalisation and a taxonomy of security attacks. Electronic Notes in Theoretical Computer Science 137(2), 225–242 (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Banks, M.J., Jacob, J.L. (2011). Specifying Confidentiality in Circus . In: Butler, M., Schulte, W. (eds) FM 2011: Formal Methods. FM 2011. Lecture Notes in Computer Science, vol 6664. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21437-0_18
Download citation
DOI: https://doi.org/10.1007/978-3-642-21437-0_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21436-3
Online ISBN: 978-3-642-21437-0
eBook Packages: Computer ScienceComputer Science (R0)