Unwinding in Information Flow Security

We study information flow security properties which are persistent, in the sense that if a system is secure then all of its reachable states are secure too. We present a uniform characterization of these properties in terms of a general unwinding schema. This unwinding characterization allows us to prove several compositionality properties of the considered security classes. Moreover, we exploit the unwinding condition to dictate the form of the rules we can use to incrementally develop secure processes and to rectify insecure processes.
