Probabilistic noninterference through weak probabilistic bisimulation

To be practical, systems for ensuring secure information flow must be as permissive as possible. To this end, the author recently proposed a type system for multi-threaded programs running under a uniform probabilistic scheduler; it allows the running times of threads to depend on the values of H variables, provided that these timing variations cannot affect the values of L variables. But these timing variations preclude a proof of the soundness of the type system using the framework of probabilistic bisimulation, because probabilistic bisimulation is too strict regarding time. To address this difficulty, this paper proposes a notion of weak probabilistic bisimulation for Markov chains, allowing two Markov chains to be regarded as equivalent even when one "runs" more slowly than the other. The paper applies weak probabilistic bisimulation to prove that the type system guarantees the probabilistic noninterference property. Finally, the paper shows that the language can safely be extended with a fork command that allows new threads to be spawned.
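An added example, not from the paper, that makes the abstract's setting concrete: a tiny interpreter unfolds the Markov chain of a thread pool under a uniform probabilistic scheduler and computes the exact distribution of the final value of an L variable, which probabilistic noninterference requires to be independent of H. The step encoding, the `leaky` and `safe` programs and the `noninterferent` check are constructed for this illustration; the check compares final distributions directly rather than constructing the paper's weak probabilistic bisimulation.

```python
from fractions import Fraction
from functools import lru_cache

# Constructed encoding: a thread is a tuple of steps, each either SKIP or
# ("l", v) meaning l := v. The H variable is fixed for a run, so a program is
# a function of h that returns the thread pool it would execute.
SKIP = ("skip",)

def assign_l(value):
    return ("l", value)

def final_l_distribution(threads):
    """Run the pool under a uniform scheduler (each step picks one runnable
    thread with probability 1/#runnable) and return the exact distribution of
    the final value of l as {value: Fraction}. Markov-chain states are
    (program counters, l); the recursion terminates because there are no loops."""
    @lru_cache(maxsize=None)
    def dist(pcs, l):
        runnable = [i for i, pc in enumerate(pcs) if pc < len(threads[i])]
        if not runnable:
            return {l: Fraction(1)}
        out, p = {}, Fraction(1, len(runnable))
        for i in runnable:
            step = threads[i][pcs[i]]
            new_l = step[1] if step[0] == "l" else l
            new_pcs = pcs[:i] + (pcs[i] + 1,) + pcs[i + 1:]
            for v, q in dist(new_pcs, new_l).items():
                out[v] = out.get(v, Fraction(0)) + p * q
        return out
    return dist(tuple(0 for _ in threads), 0)

def leaky(h):
    # Thread A: if h then (skip; skip; l := 1) else l := 1, so its running
    # time depends on h, and it races with thread B (l := 2) on l. With h = 1,
    # A's assignment wins unless B is scheduled last: P(l = 2) = 1/8, not 1/2.
    a = (SKIP, SKIP, assign_l(1)) if h else (assign_l(1),)
    return (a, (assign_l(2),))

def safe(h):
    # A and B race on l exactly as above, but the thread whose running time
    # depends on h never touches l. With h = 1 the pool "runs more slowly"
    # (two extra steps), yet the final-l distribution is unchanged: this is the
    # kind of timing variation weak probabilistic bisimulation must tolerate.
    c = (SKIP, SKIP) if h else ()
    return ((assign_l(1),), (assign_l(2),), c)

def noninterferent(program):
    """True iff the final-l distribution is the same for h = 0 and h = 1."""
    return final_l_distribution(program(0)) == final_l_distribution(program(1))
```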
