Monitoring confidentiality by diagnosis techniques

We are interested in constructing monitors for the detection of confidential information flow in the context of partially observable discrete event systems. We focus on the case where the secret information is given as a regular language. We first characterize the set of observations allowing an attacker to infer the secret information. Further, based on the diagnosis of discrete event systems, we provide necessary and sufficient conditions under which detection and prediction of secret information flow can be ensured, and construct a monitor allowing an administrator to detect it.
