Information Flow Security for Stochastic Processes

In this paper we study an information flow security property for systems specified as terms of a quantitative process algebra, namely Performance Evaluation Process Algebra (PEPA). Intuitively, we propose a quantitative extension of the Non-Interference property used to secure systems from the functional point view by assuming that the observers are able to measure also the timing properties of the system, e.g., the response time or the throughput.

[1]  Jane Hillston,et al.  A compositional approach to performance modelling , 1996 .

[2]  Silvia Crafa,et al.  Controlling information release in the pi-calculus , 2007, Inf. Comput..

[3]  Roberto Gorrieri,et al.  Classification of Security Properties (Part I: Information Flow) , 2000, FOSAD.

[4]  Giuliana Franceschinis,et al.  Simple O(m logn) Time Markov Chain Lumping , 2010, TACAS.

[5]  Roberto Gorrieri,et al.  A Classification of Security Properties , 1993 .

[6]  Dan Boneh,et al.  Exposing private information by timing web applications , 2007, WWW '07.

[7]  Hanne Riis Nielson,et al.  A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols , 2007, ASIAN.

[8]  John G. Kemeny,et al.  Finite Markov Chains. , 1960 .

[9]  Edward W. Felten,et al.  Timing attacks on Web privacy , 2000, CCS.

[10]  J. Meseguer,et al.  Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.

[11]  Carla Piazza,et al.  Lumping-based equivalences in Markovian automata: Algorithms and applications to product-form analyses , 2018, Inf. Comput..

[12]  Geoffrey Smith,et al.  Secure information flow in a multi-threaded imperative language , 1998, POPL '98.

[13]  Andrew C. Myers,et al.  Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..

[14]  Paul Walton,et al.  A Model for Information , 2014, Inf..

[15]  David Brumley,et al.  Remote timing attacks are practical , 2003, Comput. Networks.

[16]  John McLean,et al.  A general theory of composition for trace sets closed under selective interleaving functions , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[17]  Peter Y. A. Ryan,et al.  Process algebra and non-interference , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[18]  Sabina Rossi,et al.  On the Relations between Lumpability and Reversibility , 2014, 2014 IEEE 22nd International Symposium on Modelling, Analysis & Simulation of Computer and Telecommunication Systems.

[19]  Carla Piazza,et al.  Contextual lumpability , 2013, VALUETOOLS.

[20]  B. Nordstrom FINITE MARKOV CHAINS , 2005 .

[21]  Sabina Rossi,et al.  On the relations between Markov chain lumpability and reversibility , 2016, Acta Informatica.