Preserving security properties under refinement

Communication is one of the cornerstones of our everyday life, and guaranteeing the security of a communication is a very important challenge. In this paper, we propose a formal top-down approach for ensuring that security properties are preserved during the development of a complex, concurrent system, i.e., in the passage from the specification to the implementation of the components of the system. Specifically, we investigate the set of requirements a refinement function has to satisfy in order to preserve a class of properties that can be formalized as specific instances of a general scheme, called Generalized Non Deducibility on Composition (GNDC). Hence, we show that the refinement of a system that has been verified to be GNDC at a high level of abstraction is also GNDC at a lower one, without checking it again.
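For readers unfamiliar with the scheme named in the abstract, the GNDC definition written out as an added note (not part of the abstract; the notation follows Focardi and Martinelli's original formulation, and the conditions on the refinement function are left as the paper states them rather than spelled out here):

$$
E \in \mathrm{GNDC}^{\alpha}_{\lhd} \quad\iff\quad \forall X \in \mathcal{E}_C:\ (E \parallel X) \setminus C \ \lhd\ \alpha(E)
$$

where $\mathcal{E}_C$ is the set of attacker processes that communicate only over the channel set $C$, $\lhd$ is a behavioural relation (for instance trace inclusion or a bisimulation), and $\alpha(E)$ is the behaviour expected of $E$ in the absence of any attacker. Instantiating $\alpha$ and $\lhd$ yields the individual properties (non-interference, authentication, and so on). The preservation result announced in the abstract then has the shape

$$
E \in \mathrm{GNDC}^{\alpha}_{\lhd} \ \wedge\ \rho \text{ satisfies the paper's requirements} \quad\Longrightarrow\quad \rho(E) \in \mathrm{GNDC}^{\alpha'}_{\lhd}
$$

where $\rho$ is the refinement function taking a specification to its lower-level implementation and $\alpha'$ denotes the expected behaviour at that lower level; the practical value is that the quantification over all attackers $X$ need not be re-established after refinement.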
