Structural non-interference in elementary and trace nets

Several notions of non-interference have been proposed in the literature for studying the problem of confidentiality in concurrent systems. The common feature of these non-interference properties is that they are all defined as extensional properties based on some notion of behavioural equivalence on systems. Here, instead, we address the problem of defining non-interference by looking at the structure of the systems under investigation. We use a simple class of Petri nets, namely, contact-free elementary net systems, as the system model and define structural non-interference properties based on the absence of particular places in the net: such places show that a suitable causality or conflict relation is present between a high-level transition and a low-level one. We characterise one structural property, called PBNI+, which we show to be equivalent to the well-known behavioural property SBNDC. It essentially captures all the positive information flows (that is, a low-level user can deduce that some high-level action has occurred). We start by providing a characterisation of PBNI+ on contact-free elementary net systems, then extend the definition to cope with the richer class of trace nets.
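The following is an added example, not code from the paper or its authors, showing the structural idea on a few constructed toy nets. The structural side collects "causal places" (a place in the postset of a high transition and the preset of a low one) and "conflict places" (a place in the presets of both); my reading of the PBNI+ refinement, labelled as an assumption in the code, is that such a place only counts when some reachable marking actually lets the high transition enable, or compete with, the low one. The behavioural side implements SBNDC as stated above: after every high firing, the low-restricted reachability graphs before and after are checked for strong bisimilarity by partition refinement. Transition names are used as observable labels, and the four nets (`CAUSAL`, `CONFLICT`, `DORMANT`, `INDEPENDENT`) are constructed here to illustrate the four verdict combinations that matter.

```python
"""Structural vs. behavioural non-interference on an elementary net system.

Added example; not code from the paper.  A net is given by its transitions'
pre/post sets, the High/Low partition and the initial marking.  Transition
names double as observable labels.
"""
from collections import deque


class ENet:
    def __init__(self, pre, post, high, m0):
        self.pre = {t: frozenset(p) for t, p in pre.items()}
        self.post = {t: frozenset(p) for t, p in post.items()}
        self.high = frozenset(high)
        self.low = frozenset(self.pre) - self.high
        self.m0 = frozenset(m0)

    # --- elementary-net semantics -------------------------------------
    def enabled(self, m, t):
        """EN firing rule: preset marked and postset empty (no contact)."""
        return self.pre[t] <= m and not (self.post[t] & m)

    def fire(self, m, t):
        return (m - self.pre[t]) | self.post[t]

    def reachable(self):
        seen, todo = {self.m0}, deque([self.m0])
        while todo:
            m = todo.popleft()
            for t in self.pre:
                if self.enabled(m, t):
                    m2 = self.fire(m, t)
                    if m2 not in seen:
                        seen.add(m2)
                        todo.append(m2)
        return seen

    def contact_free(self):
        """The paper's system model: no reachable marking has a contact
        (preset fully marked but some output place already holds a token)."""
        return all(not (self.pre[t] <= m and self.post[t] & m)
                   for m in self.reachable() for t in self.pre)

    # --- structural checks --------------------------------------------
    def potential_causal_places(self):
        """s in h-postset and l-preset: a high transition can feed a low one."""
        return {(s, h, l) for h in self.high for l in self.low
                for s in self.post[h] & self.pre[l]}

    def potential_conflict_places(self):
        """s in both presets: a high and a low transition compete for a token."""
        return {(s, h, l) for h in self.high for l in self.low
                for s in self.pre[h] & self.pre[l]}

    def active_causal_places(self):
        """Assumption (my reading of PBNI+): the place matters only if some
        reachable marking lets h fire and then l."""
        R = self.reachable()
        return {(s, h, l) for (s, h, l) in self.potential_causal_places()
                if any(self.enabled(m, h) and self.enabled(self.fire(m, h), l)
                       for m in R)}

    def active_conflict_places(self):
        """Assumption: the place matters only if h and l are both enabled at
        some reachable marking."""
        R = self.reachable()
        return {(s, h, l) for (s, h, l) in self.potential_conflict_places()
                if any(self.enabled(m, h) and self.enabled(m, l) for m in R)}

    def pbni_plus(self):
        return not self.active_causal_places() and not self.active_conflict_places()

    # --- behavioural check: SBNDC -------------------------------------
    def low_bisim_classes(self, R):
        """Strong bisimulation classes of the reachability graph with every
        high transition removed (the low view of SBNDC), by partition refinement."""
        cls = {m: 0 for m in R}
        while True:
            ids, new = {}, {}
            for m in R:
                sig = frozenset((l, cls[self.fire(m, l)])
                                for l in self.low if self.enabled(m, l))
                new[m] = ids.setdefault((cls[m], sig), len(ids))
            if len(ids) == len(set(cls.values())):
                return new
            cls = new

    def sbndc(self):
        """SBNDC: after every high firing m[h>m', the low views of m and m'
        are bisimilar, i.e. a low observer cannot tell that h fired."""
        R = self.reachable()
        cls = self.low_bisim_classes(R)
        return all(cls[m] == cls[self.fire(m, h)]
                   for m in R for h in self.high if self.enabled(m, h))


# Constructed toy nets (not from the paper).
CAUSAL = ENet(pre={"h": {"s0"}, "l": {"s1"}},
              post={"h": {"s1"}, "l": {"s2"}}, high={"h"}, m0={"s0"})
CONFLICT = ENet(pre={"h": {"s0"}, "l": {"s0"}},
                post={"h": {"s1"}, "l": {"s2"}}, high={"h"}, m0={"s0"})
# Potential causal place s1, but l also needs s3, which is never marked.
DORMANT = ENet(pre={"h": {"s0"}, "l": {"s1", "s3"}},
               post={"h": {"s1"}, "l": {"s2"}}, high={"h"}, m0={"s0"})
INDEPENDENT = ENet(pre={"h": {"s0"}, "l": {"s2"}},
                   post={"h": {"s1"}, "l": {"s3"}}, high={"h"}, m0={"s0", "s2"})


def verdicts():
    """(PBNI+, SBNDC) per net; the two agree on every net, as the paper's
    equivalence result says they must."""
    return {name: (n.pbni_plus(), n.sbndc())
            for name, n in [("causal", CAUSAL), ("conflict", CONFLICT),
                            ("dormant", DORMANT), ("independent", INDEPENDENT)]}


if __name__ == "__main__":
    for name, (structural, behavioural) in verdicts().items():
        print(f"{name:12} PBNI+={structural!s:5} SBNDC={behavioural}")
```

The `DORMANT` net is the one worth studying: it has a potential causal place, so a purely syntactic check would reject it, yet the low transition can never fire, so neither the reachability-refined structural check nor the behavioural one finds a flow. `contact_free()` is there because the structural characterisation is stated for contact-free systems; run it before trusting the other verdicts on a net of your own.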
