On Quantitative Security Policies

  • Pierpaolo Degano
  • Gian-Luigi Ferrari
  • Gianluca Mezzetti
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6873)


We introduce a formal framework to specify and enforce quantitative security policies. The framework consists of: (i) a stochastic process calculus to express the measurable space of computations in terms of Continuous Time Markov Chains; (ii) a stochastic modal logic (a variant of CSL) to represent the bound constraints on execution speed; (iii) two enforcement mechanisms for our quantitative security policies: potential and actual. The potential enforcement computes the probability of policy violations, thus providing a sort of static evaluation of when the policy is obeyed. This supports the user in accepting or discarding a component when the probability of a security violation is below or above a suitably chosen threshold. The actual enforcement computes at run-time the deviation of the execution speed from the acceptable rate. This specifies the execution monitor and drives it to abort unsafe executions.
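As an added illustration (not the paper's calculus, logic or enforcement algorithms), the following Python sketch contrasts the two enforcement mechanisms on the simplest possible model: one exponentially timed step of a component, subject to the speed policy "the step must complete within max_delay time units". The threshold comparison for potential enforcement and the relative-deviation measure used by the run-time monitor are assumptions of this sketch.

```python
import math

# Added example: a single step whose duration T is exponentially distributed
# with parameter `rate`, as a transition of a Continuous Time Markov Chain is.

def violation_probability(rate, max_delay):
    """Potential enforcement: probability that the step is too slow,
    P[T > max_delay] = exp(-rate * max_delay) for an exponential T."""
    return math.exp(-rate * max_delay)

def accept_component(rate, max_delay, threshold):
    """Static decision (assumed rule): keep the component only if the
    probability of violating the speed bound is below the chosen threshold."""
    return violation_probability(rate, max_delay) < threshold

class SpeedMonitor:
    """Actual enforcement: an execution monitor that watches observed step
    durations, estimates the empirical rate and aborts the execution once the
    relative deviation from the acceptable rate exceeds `tolerance`
    (this deviation measure is an assumption of the sketch)."""

    def __init__(self, acceptable_rate, tolerance, min_samples=5):
        self.acceptable_rate = acceptable_rate
        self.tolerance = tolerance
        self.min_samples = min_samples  # collect a few samples before judging
        self.total_time = 0.0
        self.steps = 0
        self.aborted = False

    def observe(self, elapsed):
        """Record the duration of one completed step; False means abort."""
        if self.aborted:
            return False
        self.total_time += elapsed
        self.steps += 1
        if self.steps < self.min_samples or self.total_time <= 0:
            return True
        empirical_rate = self.steps / self.total_time  # MLE of the rate
        deviation = abs(empirical_rate - self.acceptable_rate) / self.acceptable_rate
        self.aborted = deviation > self.tolerance
        return not self.aborted

def run_monitor(acceptable_rate, tolerance, durations):
    """Feed a constructed trace of step durations to a fresh monitor; return
    True if the whole trace ran to completion, False if it was aborted."""
    monitor = SpeedMonitor(acceptable_rate, tolerance)
    return all(monitor.observe(d) for d in durations)
```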







Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Pierpaolo Degano, Gian-Luigi Ferrari, Gianluca Mezzetti: Dipartimento di Informatica, Università di Pisa, Italy
