Abstractions of non-interference security: probabilistic versus possibilistic

The Shadow Semantics (Morgan, Math Prog Construction, vol 4014, pp 359–378, 2006 ; Morgan, Sci Comput Program 74(8):629–653, 2009 ) is a possibilistic (qualitative) model for noninterference security. Subsequent work (McIver et al., Proceedings of the 37th international colloquium conference on Auto...

Full description

Saved in:
Bibliographic Details
Published in:Formal Aspects of Computing Vol. 26; no. 1; pp. 169 - 194
Main Authors: Hoang, Thai Son, McIver, Annabelle K., Meinicke, Larissa, Morgan, Carroll C., Sloane, Anthony, Susatyo, Enrico
Format: Journal Article
Language:English
Published: London Association for Computing Machinery (ACM) 01.01.2014
Springer London
Association for Computing Machinery
Subjects:
Computation
Computer Science
Math Applications in Computer Science
Non-interference security
Original Article
Probabilistic non-interference
Program refinement
Program semantics
Theory of Computation
Program refinement
Probabilistic non-interference
Non-interference security
Program semantics
ISSN:0934-5043, 1433-299X
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The Shadow Semantics (Morgan, Math Prog Construction, vol 4014, pp 359–378, 2006 ; Morgan, Sci Comput Program 74(8):629–653, 2009 ) is a possibilistic (qualitative) model for noninterference security. Subsequent work (McIver et al., Proceedings of the 37th international colloquium conference on Automata, languages and programming: Part II, 2010 ) presents a similar but more general quantitative model that treats probabilistic information flow. Whilst the latter provides a framework to reason about quantitative security risks, that extra detail entails a significant overhead in the verification effort needed to achieve it. Our first contribution in this paper is to study the relationship between those two models (qualitative and quantitative) in order to understand when qualitative Shadow proofs can be “promoted” to quantitative versions, i.e. in a probabilistic context. In particular we identify a subset of the Shadow’s refinement theorems that, when interpreted in the quantitative model, still remain valid even in a context where a passive adversary may perform probabilistic analysis. To illustrate our technique we show how a semantic analysis together with a syntactic restriction on the protocol description, can be used so that purely qualitative reasoning can nevertheless verify probabilistic refinements for an important class of security protocols. We demonstrate the semantic analysis by implementing the Shadow semantics in Rodin, using its special-purpose refinement provers to generate (and discharge) the required proof obligations (Abrial et al., STTT 12(6):447–466, 2010 ). We apply the technique to some small examples based on secure multi-party computations.
Bibliography:SourceType-Scholarly Journals-1
ObjectType-Feature-1
content type line 14
ObjectType-Article-2
content type line 23
ISSN:0934-5043
1433-299X
DOI:10.1007/s00165-012-0237-4