Abstract
In this chapter I present a process algebraic approach to the modelling of security properties and policies. I will concentrate on the concept of secrecy, also known as confidentiality, and in particular on the notion of non-interference. Non-interference seeks to characterise the absence of information flows through a system and, as such, is a fundamental concept in information security.
A central thesis of these lectures is that, viewed from a process algebraic point of view, the problem of characterising non-interference is essentially equivalent to that of characterising the equivalence of processes. The latter is itself a fundamental and delicate question at the heart of process algebra and indeed theoretical computer science: the semantics of a process is intimately linked to the question of which processes should be regarded as equivalent.
We start, by way of motivation and to set the context, with a brief historical background. A much fuller exposition of security policies in the wider sense, embracing properties other than secrecy, can be found in the chapter by Pierangela Samarati in this volume. We then cover some elements of process algebra, in particular CSP (Communicating Sequential Processes), that we need and present a formulation of noninterference, along with some more operational presentations of process algebra, including the idea of bi-simulation. I argue that the classical notion of unwinding found in the security literature is really just bisimulation in another guise.
Finally, I propose some generalisations of the process algebraic formulations designed to encompass a richer class of policies and examples.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Abadi, M. and Gordon, A.: A calculus for Cryptographic Protocols: the Spi Calculus, Information and Computation (1999)
Bell, D. E. and LaPadula, L. J.: Secure Computer System: Unified Exposition and Multics Interpretation, Tech report ESD-TR-75-306, Mitre Corp, Bedford, Ma. (1976) 7
Bellare, M. and Rogaway, P.: Entity Authentication and key Distribution, Advances in Cryptography-Proceedings of Crypto (1993) 55
Biba, K. J.: Integrity Considerations for Secure Computer Systems, US Airforce Electronic Systems Division (1977) 10
Brewer, D. F. C., Nash, M. J.: The Chinese Wall security policy, in Proceedings of the IEEE Symposium on Security and Privacy, (1989) 206–214 9
Broadfoot, P. et al: Automating Data Independence, European Symposium on Research in Computer Security, LNCS vol 1895, Springer (2000) 55
Brookes, S. D. and Roscoe, A. W.: An Improved Failures Model for Communicating Sequential Processes Springer Verlag, Proceedings NSF-SERC Seminar on Concurrency (1985) 17
Cardelli, L.: Mobility and Security, Lecture Notes for the Marktoberdorf Summer School (1999) 56
Clark, D. R. and Wilson, D. R.: A Comparison of commercial and military computer security policies. In Proceedings of the IEEE Symposium on Security and Privacy, (1987) 184–194 9
Cleaveland, R. and Hennessy, M.: Testing equivalence as a bisimulation equivalence. Formal Aspects of Computing, Volume 5, (1993) 1–20 44
Cohen, E.: Information Transmission in computational Systems. Sixth ACM Symp. on Operating Systems Principles, November (1977) 133–139 12
Coppersmith, D. et al.: Low-exponent RSA with related messages. In Advances in Cryptology-EUROCRYPT’ 96 (Lecture Notes in Computer Science 1070), Springer-Verlag, (1996) 1–9 54
Davies, J., Schneider S. A.: A Brief History of Timed CSP, Theoretical Computer Science, 138, (1995) 17
Desmedt, Y. and Yung, M.: Minimal cryptosystems and defining subliminalfreeness. In Proceedings 1994 IEEE International Symposium on Information Theory, p. 347, Trondheim, Norway, June 27-July 1, (1994) 55
US Department of Defense: DOD Trusted Computer Security System Evaluation Criteria (The Orange Book), DOD 5200.28-STD, (1985) 7
Durante, A. et al: A Compiler for Analysing Cryptographic Protocols using Non-Interference, ACM Trans. on Soft.Eng. and Method, 9(4) (2000) 1–9 54
Feiertag, R. J.: A technique for Proving Specifications are Multi-level Secure Technical report CSL109, CSL, SRI International (1980) 12
Focardi, R. and Gorrieri, R.: A Classification of Security Properties, JCS, 3(1): (1995) 5–33 34, 46
Focardi, R, Ghelli, A. and Gorrieri, R.: Using noninterference for the analysis of security protocols, DIMACS workshop on Design and Formal Verification of Security protocols (1997)
Focardi, R., Gorrieri, R.: The Compositional Security Checker: A Tool for the Verification of Information Flow Security Properties. IEEE Trans. on Soft. Eng., 23(9): (1997) 550–571 16
Foley, S. N.: A Taxonomy for Information Flow Policies and Models, in Proceedings of IEEE Symposium on Security and Privacy, IEEE Press (1991) 9
Foley, S. N.: The Specification and Implementation of Commercial Security Requirements including Dynamic Segregation of Duties, 4th ACM Conference on Computer and Communications Security, ACM Press, (1997) 10
Gardiner, P.: Algebraic Proofs of Consistency and Completeness. Theoretic Computer Science, (1995) 150–614
Gardiner, P.: Power simulation and its relation to traces and failures refinement, ENTCS, vol 32, URL: http://www.elsevier.nl/locate/entcs/volume32.html35
Goguen, J. A. and Meseguer, J.: Security policies and security models, IEEE Symposium on Security and Privacy, (1982) 12
Goguen, J. and Meseguer, J: Inference Control and Unwinding, Proceedings of the IEEE Symposium on Research in Security and Privacy (1984) 12, 30
Goldsmith, M. H. and Roscoe, A. W.: What Is Intransitive Noninterference? Proceedings of the Computer Security Foundations Workshop, IEEE Press(1999) 50
Gollmann, D.: Computer Security, Wiley (2000) 7
Guttman, J. et al: The Faithfulness of Abstract Encryption, to appear 55
Haigh, J. T.: A Comparison of Formal Security Models, Proc 7th National Computer Security Conference, Gaithersburg, September (1984) 88–119 16
Harrison, M. A. et al: Protection in operating systems. Communications of the ACM, 19(8), August (1976) 461–471 9
He, J. and Hoare, C. A. R.: Unified Theories of programming. Prentice Hall International, (1998) 38
Hennessy, M.: Algebraic Theory of Processes, MIT Press (1989)
Hennessy, M.: The security pi-calculus and non-interference, Computer Science Technical Report 2000:05, School of Cognitive and Computing Sciences, University of Sussex. 56
Hoare, C. A. R.: Communicating Sequential Processes, Prentice Hall (1985) 17
Jacob, J. L.: Security Specifications, Proceedings of the IEEE Symposium on Research in Security and Privacy (1988) 29, 42
Jacob, J. L.: Basic Theorems about Security Journal of Computer Security, Vol 1 Number 4, (1992) 385–411 42
Johnson, D. and Thayer, F.: Security and the Composition of Machines, In Proceedings of the Computer Security Foundations Workshop, IEEE Press, (1988)16
Kang, M. H. et al: Design and Assurance Strategy for the NRL Pump, Computer, Vol. 31, No. 4, April (1998) 56–64 10
Kemmerer, D.: Verification Assessment Study Final Report NCSC report (1986)11
Lakatos, I.: Proof and Refutations: The logic of mathematical discovery. Cambridge University Press, (1977) 5
Lampson B.: Protection, ACM Operating Systems Reviews, 8, (1974) 6
Lazic, R. and Nowak, D.: A Unifying Approach to Data-independence, In Proceedings of the 11th International Conference on Concurrency Theory (CONCUR 2000), Lecture Notes in Computer Science. Springer-Verlag, August (2000) 55
Lee, S. and Zakinthinos, A.: A General Theory of Security Properties, Proceedings of the IEEE Symposium on Research in Security and Privacy (1997) 16
Lee, T. M. P.: Using Mandatory Integrity to Enforce ‘Commerical’ Security, Proceedings of the IEEE Symposium on Research in Security and Privacy, (1988) 140–144 10
Lincoln, P. et al: Probabilistic polynomial-time equivalence and security analysis, Proceedings of FM’99 (1999) 54
Lowe, G.: Probabilities and Priorities in Timed CSP, D.Phil. thesis Oxford University (1993) 46
Lowe, G.: Defining Information Flow University of Leicester tech report (1999)
MacKenzie, D.: Computers and the Sociology of Mathematical Proof. Prepared for Northern Formal Methods Workshop, Ilkley, September (1998) 5
Mantel, H.: Unwinding Possibilistic Security Properties. In Proceedings of ESORICS (2000) 53
McCullough, D.: Specifications for Multi-level Security and a Hook-up Property, Proceedings of the IEEE Symposium on Research in Security and Privacy (1987) 16
McCullough, D.: Noninterference and the Composition of Security Properties Proceedings of the IEEE Symposium on Research in Security and Privacy (1988) 16
McHugh, J.: Covert Channel Analysis. A chapter in the Handbook for the Computer Security Certification of Trusted Systems, (An ongoing series published by the Center for High Assurance Computing Systems, Naval research Laboratory, 4555 Overlook Ave, SW, Washington, DC 20375,) November 1994-Revised December 1995. Available at http://chacs.nrl.navy.mil/publications/handbook/index.html 11
McHugh, J.: A Formal Definition for Information Flow in the Gypsy Expression Language. In Proceedings of The Computer Security Foundations Workshop, Mitre Corporation, Bedford, MA (1988) 147–165 11
McIver, A. et al: Refinement-oriented probability for CSP, Formal Aspects of Computing 8(9) (1996)
McLean, J.: Security Models Encyclopedia of Software Engineering (ed. John Marciniak) Wiley & Sons, Inc., (1994) 2
McLean, J.: A Comment on the ‘Basic Security Theorem’ of Bell and LaPadula, Information Processing Letters, vol. 20, no. 2, Feb. (1985) 11
McLean, J.: A General Theory of Composition for Trace Sets Closed Under Selective Interleaving Functions, Proceedings of 1994 IEEE Symposium on Research in Security and Privacy, IEEE Press, (1994) 16, 29
Menezes, A. J. et al: Handbook of Applied Cryptography. CRC Press (1996)
Milner, R.: A Calculus of Communicating Systems. Springer, LNCS 92, (1980) 17
Milner, R.: Communication and Concurrency, Prentice-Hall (1989)
Milner, R. et al: A calculus of Mobile Processes, I and II. Information and Compution, 100: (1992) 1–77 17
Milner, R.: Communicating and Mobile Systems: the Pi-Calculus, CUP (1999) 56
Moskowitz, I. and Costich, O.: A classical automata approach to noninterference type problems Proceedings of the Computer Security Foundations Workshop V, (1992) 11
O’Halloran, C.: A Calculus of Information Flow, Proceedings of ESORICS (1990) 16
Pfitzmann, B. et al: Crptographic security of reactive systems, ENTCS, 32 (2000)
Pinsky, S.: Absorbing covers and intransitive non-interference, IEEE Symposium on Research in Security and Privacy (1995) 39
Pinsky, S. and Ziegler, E.: Noninterference Equations for Nondeterministic Systems, Proceedings of the Computer Security Foundations Workshop, (2001) 53
Reed, M. and Roscoe, A. W.: A Timed Model for Communicating Sequential Processes. In proceedings of the 13th ICALP, LNCS 226, (1986) 17
Roscoe, A. W. et al: Non-interference through determinism, Proceedings of ESORICS (1994) 40
Roscoe, A. W.: CSP and determinism in security modelling, in proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society Press, (1995) 27
Roscoe, A. W.: The theory and practice of concurrency, Prentice-Hall (1997) 17, 21, 25, 30, 50
Rushby, J.: Noninterference, Transitiivity and Channel-Control Security Policies, SRI Tech Report (1992) 16, 50
Ryan, P. Y. A.: A CSP formulation of non-interference and unwinding, Presented at CSFW 1990 and published in Cipher, Winter 1990/1991 26, 30, 31
Ryan, P. Y. A. and Sennett C. T. eds: Formal Methods in Systems Engineering Springer Verlag (1993) 4
Ryan, P. Y. A. and Schneider, S. A.: Process Algebra and Non-interference, JCS Vol 9, nos 1,2, (2001) 75–103 45
P. Y. A. Ryan et al: Modelling and Analysis of Security Protocols, Pearson (2001) 51, 55, 57
Sabelfeld, A. and Sands, D.: Probabilistic Non-interference for Multi-threaded Programs. In Proceedings of the IEEE Computer Security Foundations Workshop, Cambridge, July 3-5 2000, IEEE Computer Society, (2000) 200–215 53
Saidi, H.: Model Checking Guided Abstraction and Analysis, Proc of the 7th International Static Analysis Symposium (2000) 55
Sandhu, R. S.: Lattice Based Access control Models, IEEE Computer, volume 26, number 11, November (1993) 9–19 9
Schneider, S. A.: Concurrent and Real time systems: the CSP approach, Wiley (1999) 17, 21
Schneider, S. A.: Testing and abstraction, Royal Holloway, University of London Tech Report tr-99-02 (1999) 46
Schneider, S. A.: May Testing, Non-interference and Compositionality, Royal Holloway Tech report CSD-TR-00-02, January 2001. 40, 43, 44
Schneider, S. A. and Sidiropoulos, A.: CSP and anonymity, Proceedings of ESORICS (2000) 52
Shockley, W. R.: Implementing the Clark Wilson Integrity Policy Using Current Technology, in Proceedings of the National Security Conference, (1988) 29–36 10
Simpson, A. C.: Safety Through Security, DPhil thesis, Oxford University (1996) 50
Sutherland, D.: A model of information, 9th National Computer Security Conference (1986) 16, 44
Weber, D.: Specifications for Fault Tolerance. ORA report (1988) 19–3 50
Wittbold, J. T. and Johnson, D. M.: Information flow in nondeterministic systems, Proceedings of the Symposium on Research on Security and Privacy (1990) 16,45
Volpano, D and Smith G.: Probablilistic non-interference in a concurrent language. Journal of Computer Security, 7(2, 3): November (1999) 231–253 56
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ryan, P.Y.A. (2001). Mathematical Models of Computer Security. In: Focardi, R., Gorrieri, R. (eds) Foundations of Security Analysis and Design. FOSAD 2000. Lecture Notes in Computer Science, vol 2171. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45608-2_1
Download citation
DOI: https://doi.org/10.1007/3-540-45608-2_1
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42896-1
Online ISBN: 978-3-540-45608-7
eBook Packages: Springer Book Archive