The Shadow Knows: Refinement of Ignorance in Sequential Programs

Separating sequential-program state into "visible" and "hidden" parts facilitates reasoning about knowledge, security and privacy: applications include zero-knowledge protocols, and security contexts with hidden "high-security" state and visible "low-security" state. A rigorous definition of how specifications relate to implementations, as part of that reasoning, must ensure that implementations reveal no more than their specifications: they must, in effect, preserve ignorance. We propose just such a definition, a relation of ignorance-preserving refinement between specifications and implementations of sequential programs. Its purpose is to enable a development-by-refinement methodology for applications like those above. Since preserving ignorance is an extra obligation, the proposed refinement relation restricts (rather than extends) the usual one. We suggest general principles for restriction, and we give specific examples of them. To argue that we do not restrict too much (for "no refinements allowed at all" is trivially ignorance-preserving), we derive the Dining Cryptographers protocol via a program algebra based on the restricted refinement relation. It is also a motivating case study, as it has never before (we believe) been treated refinement-algebraically. In passing, we discuss, and solve, the Refinement Paradox.
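The Dining Cryptographers protocol that the abstract derives, as an added example that is not from the paper: it runs Chaum's protocol with the payer and the shared coins as hidden state and the diners' announcements as visible state, then checks by enumeration that every payer an observer cannot distinguish remains possible, which is the ignorance the refinement relation is meant to preserve. The function names and the three-diner sample values are assumptions of this example.

```python
import itertools
import secrets


def announcements(payer, coins):
    """Visible state of one round: diner i announces coins[i-1] XOR coins[i],
    inverted if diner i paid. coins[i] is the coin shared by diners i and i+1
    (indices wrap around the table). payer is a diner index or None (NSA paid)."""
    n = len(coins)
    return [coins[i - 1] ^ coins[i] ^ (1 if payer == i else 0) for i in range(n)]


def someone_paid(ann):
    """Public conclusion: odd parity of the announcements means a diner paid."""
    return sum(ann) % 2 == 1


def payers_consistent_with(ann, observer=None, view=None):
    """Ignorance check: every hidden payer value consistent with what an
    observer sees. observer=None is an outsider who sees only `ann`;
    observer=i is diner i, who also knows its own two coins and whether it
    paid, supplied as view = (coin_before, coin_after, i_paid)."""
    n = len(ann)
    possible = set()
    for payer in [None, *range(n)]:
        if observer is not None and (payer == observer) != view[2]:
            continue  # diner knows whether it paid itself
        for coins in itertools.product((0, 1), repeat=n):
            if observer is not None and (coins[observer - 1], coins[observer]) != view[:2]:
                continue  # diner knows its own two coins
            if announcements(payer, list(coins)) == ann:
                possible.add(payer)  # this hidden state explains the view
    return possible


def run_round(payer, n=3):
    """Flip n fresh secret coins and run one round; returns (coins, announcements)."""
    coins = [secrets.randbits(1) for _ in range(n)]
    return coins, announcements(payer, coins)


if __name__ == "__main__":
    coins, ann = run_round(payer=2)
    print("announcements:", ann, "someone paid:", someone_paid(ann))
    print("outsider considers possible payers:", payers_consistent_with(ann))
```

For three diners the outsider's set is always all three diners when someone paid, and a non-paying diner's set is the two other diners: the visible state reveals that a diner paid but never which one.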
