The epistemic representation of information flow security in probabilistic systems

We set out a logic for reasoning about multilevel security of probabilistic systems. This logic includes modalities for time, knowledge, and probability. In earlier work we gave syntactic definitions of multilevel security and showed that their semantic interpretations are equivalent to independently motivated information-theoretic definitions. This paper builds on that earlier work in two ways. First, it substantially recasts the language and model of computation into the more standard Halpern-Tuttle framework for reasoning about knowledge and probability. Second, it brings together two distinct characterizations of security from that work. One was equivalent to the information-theoretic security criterion for a system to be free of covert channels but was difficult to prove. The other was a verification condition that implied the first; it was more easily provable but was too strong. This paper presents a characterization that is syntactically very similar to our previous verification condition but is proven to be semantically equivalent to the security criterion. The new characterization also means that our security criterion is expressible in a simpler logic and model.