Deciding Selective Declassification of Petri Nets
This paper considers declassification, as effected by downgrading actions D, in the context of intransitive non-interference encountered in systems that consist of high-level (secret) actions H and low-level (public) actions L. In a previous paper, we have shown the decidability of a strong form of declassification, by which D contains only a single action d ∈ D declassifying all H actions at once. The present paper continues this study by considering selective declassification, where each transition d ∈ D can declassify a subset H(d) of H. The decidability of this more flexible, application-prone declassification framework is proved in the context of (possibly unbounded) Petri nets with possibly infinite state spaces.
KeywordsSecurity Property Regular Language Visible Transition Security Domain Invisible Action
- 1.Best, E., Darondeau, P., Gorrieri, R.: On the Decidability of Non Interference over Unbounded Petri Nets. In: Chatzikokolakis, K., Cortier, V. (eds.) Proceedings 8th International Workshop on Security Issues in Concurrency, SecCo. EPTCS, vol. 51, pp. 16–33 (2010), http://dx.doi.org/10.4204/EPTCS.51.2
- 3.Dam, M.: Decidability and Proof Systems for Language-based Noninterference Relations. In: Proc. POPL 2006, pp. 67–78 (2006), doi:10.1145/1111037.1111044Google Scholar
- 7.Mantel, H.: Possibilistic Definitions of Security - an Assembly Kit. In: Proc. of the 13th IEEE Computer Security Foundations Workshop, Cambridge, UK, July 3-5, pp. 185–199 (2000)Google Scholar
- 8.Mantel, H.: A Uniform Framework for the Formal Specification and Verification of Information Flow Security. PhD Thesis, Universität des Saarlandes (2003)Google Scholar