A Theory of Noninterference for the pi-Calculus

We develop a theory of noninterference for a typed version of the π-calculus where types are used to assign secrecy levels to channels. We provide two equivalent characterizations of noninterference based on a typed behavioural equivalence relative to a security level σ, which captures the idea of external observers of level σ. The first characterization involves a universal quantification over all the possible active attacks, i.e., malicious processes which interact with the system possibly leaking secret information. The second definition of noninterference is expressed in terms of an unwinding condition, which deals with so-called passive attacks trying to infer confidential information just by observing the behaviour of the system. This unwinding-based characterization naturally leads to efficient methods for the verification and construction of (compositional) secure systems. Furthermore, we characterize noninterference in terms of bisimulation-like (partial) equivalence relations in the style of a stream of similar studies for other process calculi (e.g., CCS and CryptoSPA) and languages (e.g., imperative and multi-threaded languages).
