Defining information flow quantity

We extend definitions of information flow so as to quantify the amount of information passed; in other words, we give a formal definition of the capacity of covert channels. Our definition uses the process algebra CSP, and is based upon counting the number of different behaviours of a high level user that can be distinguished by a low level user.

[1]  Rocco De Nicola,et al.  Testing Equivalences for Processes , 1984, Theor. Comput. Sci..

[2]  Charles F. Hockett,et al.  A mathematical theory of communication , 1948, MOCO.

[3]  Roberto Gorrieri,et al.  Information flow analysis in a discrete-time process algebra , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[4]  Iain Phillips,et al.  Refusal Testing , 1986, Theoretical Computer Science.

[5]  Jonathan K. Millen,et al.  Covert Channel Capacity , 1987, 1987 IEEE Symposium on Security and Privacy.

[6]  Riccardo Focardi,et al.  Information flow security in dynamic contexts , 2006, J. Comput. Secur..

[7]  Daryl McCullough,et al.  Covert Channels and Degrees of Insecurity , 1988, CSFW.

[8]  J. Todd Wittbold,et al.  Information flow in nondeterministic systems , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[9]  Riccardo Focardi,et al.  Comparing two information flow security properties , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[10]  Andrew William Roscoe,et al.  The Theory and Practice of Concurrency , 1997 .

[11]  A. W. Roscoe CSP and determinism in security modelling , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[12]  Ouaknine Joel,et al.  Discrete analysis of continuous behaviour in real-time concurrent systems , 2000 .

[13]  Roberto Gorrieri,et al.  A Classification of Security Properties , 1993 .

[14]  Steve A. Schneider,et al.  Concurrent and Real-time Systems: The CSP Approach , 1999 .

[15]  P. G. Allen,et al.  A comparison of non-interference and non-deducibility using CSP , 1991, Proceedings Computer Security Foundations Workshop IV.