Information flow in secure contexts

Information flow security in a multilevel system aims at guaranteeing that no high-level information is revealed to low-level users, even in the presence of any possible malicious process. This requirement could be stronger than necessary when some knowledge about the environment (context) in which the process is going to run is available. To relax this requirement we introduce the notion of secure contexts for a class of processes. This notion is parametric with respect to both the observation equivalence and the operation used to characterize the low-level view of a process. As observation equivalence we consider the cases of weak bisimulation and trace equivalence. We describe how to build secure contexts in these cases and we show that two well-known security properties, named BNDC and NDC, are just special instances of our general notion.
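The trace-equivalence instance of the secure-context check described above, as an added example that is not code from the paper: processes are finite labelled transition systems, and a high-level context Π is judged secure for E when E \ H and (E | Π) \ H show the low level the same traces. It assumes a simplified synchronisation where a high action of E hand-shakes with an equal label in Π and becomes tau (SPA uses complementary actions); the toy processes, action names and bounded trace depth are constructed for the example.

```python
from itertools import product
TAU = "tau"  # internal action, invisible to the low-level observer

def low_traces(trans, start, high, depth=6):
    """Low-level traces of P \\ H: high moves are blocked by the restriction,
    tau is erased, trace length is bounded so cyclic LTSs stay finite."""
    seen, front, traces = {(start, ())}, [(start, ())], {()}
    while front:
        state, tr = front.pop()
        for act, nxt in trans[state]:
            if act in high:  # restriction \H forbids the move
                continue
            ntr = tr if act == TAU else tr + (act,)
            if len(ntr) <= depth and (nxt, ntr) not in seen:
                seen.add((nxt, ntr))
                front.append((nxt, ntr))
                traces.add(ntr)
    return traces

def compose(e, pi, high):
    """Product LTS for E | Pi: each side interleaves its low/tau moves; a high
    move of E must hand-shake with the same label in Pi and becomes tau
    (simplified CCS synchronisation, an assumption of this example)."""
    prod = {}
    for s, t in product(e, pi):
        moves = [(a, (s2, t)) for a, s2 in e[s] if a not in high]
        moves += [(a, (s, t2)) for a, t2 in pi[t] if a not in high]
        moves += [(TAU, (s2, t2)) for a, s2 in e[s] for b, t2 in pi[t]
                  if a == b and a in high]
        prod[(s, t)] = moves
    return prod

def secure_in_context(e, e0, pi, pi0, high):
    """Trace-equivalence instance: Pi is a secure context for E when the low
    level sees the same traces from E \\ H and from (E | Pi) \\ H."""
    alone = low_traces(e, e0, high)
    in_ctx = low_traces(compose(e, pi, high), (e0, pi0), high)
    return alone == in_ctx

H = {"h"}  # high actions; constructed toy processes as {state: [(action, next)]}
E_LEAK = {0: [("h", 1), ("l2", 2)], 1: [("l1", 2)], 2: []}  # h.l1.0 + l2.0
E_SAFE = {0: [("h", 1), ("l1", 2)], 1: [("l1", 2)], 2: []}  # h.l1.0 + l1.0
PI_H = {0: [("h", 1)], 1: []}   # high-level user that performs h
PI_0 = {0: []}                  # idle high-level user

if __name__ == "__main__":
    print(secure_in_context(E_LEAK, 0, PI_H, 0, H))  # False: seeing l1 reveals h
    print(secure_in_context(E_LEAK, 0, PI_0, 0, H))  # True: idle context leaks nothing
    print(secure_in_context(E_SAFE, 0, PI_H, 0, H))  # True: l1 happens either way
```

Quantifying the check over every high-level Π recovers the NDC instance named in the abstract; fixing Π to what is known about the environment is the relaxation the paper proposes, and E_LEAK shows a process that fails NDC yet is secure in the idle context.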
