Conditional Information Flow Policies and Unwinding Relations

  • Chenyi Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7173)


Noninterference provides a control over information flow in systems for ensuring confidentiality and integrity security properties. In general, user A is not allowed to interfere with user B if A’s behaviour cannot cause any difference in B’s observation. Unwinding relations are useful verification techniques for noninterference-based properties. This paper defines a framework for the notion of conditional noninterference, which allows to specify information flow policies based on the semantics of action channels. To verify the properties, we present unwinding relations that are both sound and complete for the new policies.


Policy Language Security Policy Security Requirement Security Property Local Respect 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Backes, M., Pfitzmann, B.: Intransitive non-interference for cryptographic purpose. In: Proc. S&P, pp. 140–152 (2003)Google Scholar
  2. 2.
    Barthe, G., D’Argenio, P.R., Rezk, T.: Secure information flow by self-composition. In: Proc. CSFW, pp. 100–114 (2004)Google Scholar
  3. 3.
    Bell, D.E., LaPadula, L.J.: Secure Computer System: Vol.I—mathematical foundations, Vol.II—a mathematical model, Vol.III—a refinement of the mathematical model. Technical report MTR-2547 (three volumes), The MITRE Corporation (March-December 1973)Google Scholar
  4. 4.
    Bell, D.E., LaPadula, L.J.: Secure computer system: unified exposition and MULTICS interpretation. Technical report MTR-2997 Rev. 1, The MITRE Corporation (March 1976)Google Scholar
  5. 5.
    Bevier, W.R., Young, W.D.: A state-based approach to noninterference. In: Proc. CSFW, pp. 11–21 (1994)Google Scholar
  6. 6.
    Bossi, A., Piazza, C., Rossi, S.: Modelling downgrading in information flow security. In: Proc. CSFW, pp. 187–201 (2004)Google Scholar
  7. 7.
    Brewer, D.F.C., Nash, M.J.: The Chinese Wall security policy. In: Proc. S&P, pp. 206–214 (1989)Google Scholar
  8. 8.
    Clark, D., Wilson, D.: A comparison of commercial and military computer security policies. In: Proc. S&P, pp. 184–193 (1987)Google Scholar
  9. 9.
    Crow, J., Owre, S., Rushby, J., Shankar, N., Srivas, M.: A tutorial introduction to PVS. In: Proc. Workshop on Industrial-Strength Formal Specification Techniques (1996)Google Scholar
  10. 10.
    Darvas, Á., Hähnle, R., Sands, D.: A Theorem Proving Approach to Analysis of Secure Information Flow. In: Hutter, D., Ullmann, M. (eds.) SPC 2005. LNCS, vol. 3450, pp. 193–209. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    D’Souza, D., Holla, R., Kulkarni, J., Ramesh, R.K., Sprick, B.: On the Decidability of Model-Checking Information Flow Properties. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 26–40. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Eggert, S., van der Meyden, R., Schnoor, H., Wilke, T.: The complexity of intransitive noninterference. In: Proc. S&P, pp. 196–211 (2011)Google Scholar
  13. 13.
    Focardi, R., Gorrieri, R.: A classification of security properties for process algebras. Journal of Computer Security 3(1), 5–33 (1995)Google Scholar
  14. 14.
    Focardi, R., Rossi, S.: Information flow security in dynamic contexts. In: Proc. CSFW, pp. 307–319 (2002)Google Scholar
  15. 15.
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: Proc. S&P, pp. 11–20 (1982)Google Scholar
  16. 16.
    Goguen, J.A., Meseguer, J.: Unwinding and inference control. In: Proc. S&P, p. 75 (1984)Google Scholar
  17. 17.
    Ben Hadj-Alouane, N., Lafrance, S., Lin, F., Mullins, J., Yeddes, M.: On the verification of intransitive noninterference in mulitlevel security. IEEE Transactions on Systems, Man and Cybernetics 35(5), 948–958 (2005)CrossRefGoogle Scholar
  18. 18.
    Haigh, J.T., Young, W.D.: Extending the noninterference version of MLS for SAT. IEEE Transactions on Software Engineering 13(2), 141–150 (1987)CrossRefGoogle Scholar
  19. 19.
    Mantel, H.: Possiblistic definitions of security – an assembly kit. In: Proc. CSFW, pp. 185–199 (2000)Google Scholar
  20. 20.
    Mantel, H.: Unwinding Security Properties. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 238–254. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  21. 21.
    Mantel, H., Reinhard, A.: Controlling the What and Where of Declassification in Language-Based Security. In: De Nicola, R. (ed.) ESOP 2007. LNCS, vol. 4421, pp. 141–156. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  22. 22.
    Mantel, H., Sands, D.: Controlled Declassification Based on Intransitive Noninterference. In: Chin, W.-N. (ed.) APLAS 2004. LNCS, vol. 3302, pp. 129–145. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  23. 23.
    Milner, R.: Communication and concurrency. Prentice-Hall (1989)Google Scholar
  24. 24.
    Roscoe, A.W.: CSP and determinism in security modelling. In: Proc. S&P, pp. 114–221 (1995)Google Scholar
  25. 25.
    Roscoe, A.W., Goldsmith, M.H.: What is intransitive noninterference ? In: Proc. CSFW, pp. 228–238 (1999)Google Scholar
  26. 26.
    Rushby, J.: Noninterference, transitivity, and channel-control security policies. Technical report, SRI international (December 1992)Google Scholar
  27. 27.
    Sabelfeld, A., Sands, D.: Dimensions and principles of declassification. In: Proc. CSFW, pp. 255–269 (2005)Google Scholar
  28. 28.
    Terauchi, T., Aiken, A.: Secure Information Flow as a Safety Problem. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, pp. 352–367. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  29. 29.
    van der Meyden, R.: What, Indeed, Is Intransitive Noninterference (Extended Abstract). In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 235–250. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  30. 30.
    van der Meyden, R., Zhang, C.: Algorithmic verification on noninterference properties. ENTCS 168, 61–75 (2007)Google Scholar
  31. 31.
    van der Meyden, R., Zhang, C.: A comparison of semantic models for noninterference. Theoretical Computer Science 411(7), 4123–4147 (2010)MathSciNetzbMATHCrossRefGoogle Scholar
  32. 32.
    von Oheimb, D.: Information Flow Control Revisited: Noninfluence = Noninterference + Nonleakage. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 225–243. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Chenyi Zhang
    • 1
  1. 1.School of Computer Science and EngineeringThe University of New South WalesAustralia

Personalised recommendations