A simple view of type-secure information flow in the π-calculus

One way of enforcing an information flow control policy is to use a static type system capable of guaranteeing a noninterference property. Noninterference requires that two processes with distinct "high"-level components, but common "low"-level structure, cannot be distinguished by "low"-level observers. We state this property in terms of a rather strict notion of process equivalence, namely weak barbed reduction congruence. Because noninterference is not a safety property, it is often regarded as more difficult to establish than a conventional type safety result. This paper aims to provide an elementary noninterference proof in the setting of the π-calculus. This is done by reducing the problem to subject reduction - a safety property - for a nonstandard, but fairly natural, extension of the π-calculus, baptized the -calculus.
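The abstract contrasts the semantic property (noninterference: low observers cannot tell two runs apart that differ only in high components) with the static check that guarantees it. The following is an added illustration, not code from the paper, and it deliberately uses a tiny imperative language with a two-point lattice instead of the paper's π-calculus, because a process calculus does not fit in a few dozen lines. It contains a Volpano/Smith-style security type checker, a brute-force noninterference check that compares the low view of final stores over all pairs of high inputs, and constructed sample programs showing an explicit leak, an implicit leak, a well-typed program, and a program the type system rejects even though it is semantically noninterfering (the check is sound but not complete, which is what a subject-reduction-style proof buys you).

```python
"""Added illustration: a security type system and a brute-force noninterference check
for a tiny imperative language (a simplification; the paper's setting is the pi-calculus)."""
from itertools import product

LOW, HIGH = 0, 1          # two-point lattice: LOW below HIGH

# Expressions:  ('lit', n) | ('var', x) | ('add', e1, e2)
# Statements:   ('assign', x, e) | ('if', e, s_then, s_else) | ('seq', [s, ...])

def expr_level(expr, env):
    """Level of an expression: the join (max) of the levels of the variables it reads."""
    kind = expr[0]
    if kind == 'lit':
        return LOW
    if kind == 'var':
        return env[expr[1]]
    if kind == 'add':
        return max(expr_level(expr[1], env), expr_level(expr[2], env))
    raise ValueError(f"unknown expression {kind}")

def well_typed(stmt, env, pc=LOW):
    """Static check. Explicit flows: the assigned expression may not be above the target.
    Implicit flows: under a HIGH guard (tracked by pc) only HIGH variables may be assigned."""
    kind = stmt[0]
    if kind == 'assign':
        _, target, expr = stmt
        return max(expr_level(expr, env), pc) <= env[target]
    if kind == 'if':
        _, guard, s_then, s_else = stmt
        pc2 = max(pc, expr_level(guard, env))
        return well_typed(s_then, env, pc2) and well_typed(s_else, env, pc2)
    if kind == 'seq':
        return all(well_typed(s, env, pc) for s in stmt[1])
    raise ValueError(f"unknown statement {kind}")

def eval_expr(expr, store):
    kind = expr[0]
    if kind == 'lit':
        return expr[1]
    if kind == 'var':
        return store[expr[1]]
    return eval_expr(expr[1], store) + eval_expr(expr[2], store)

def run(stmt, store):
    """Big-step interpreter; returns the final store (the input store is not mutated)."""
    store = dict(store)
    kind = stmt[0]
    if kind == 'assign':
        store[stmt[1]] = eval_expr(stmt[2], store)
    elif kind == 'if':
        branch = stmt[2] if eval_expr(stmt[1], store) != 0 else stmt[3]
        store = run(branch, store)
    else:
        for s in stmt[1]:
            store = run(s, store)
    return store

def low_view(store, env):
    """What a LOW observer sees: the LOW variables only."""
    return {x: v for x, v in store.items() if env[x] == LOW}

def noninterfering(stmt, env, high_values=range(3), low_init=0):
    """Semantic property, checked by enumeration: any two initial stores that agree on
    the LOW variables must produce final stores that agree on the LOW variables."""
    lows = [x for x, l in env.items() if l == LOW]
    highs = [x for x, l in env.items() if l == HIGH]
    for h1, h2 in product(product(high_values, repeat=len(highs)), repeat=2):
        s1 = {**dict.fromkeys(lows, low_init), **dict(zip(highs, h1))}
        s2 = {**dict.fromkeys(lows, low_init), **dict(zip(highs, h2))}
        if low_view(run(stmt, s1), env) != low_view(run(stmt, s2), env):
            return False
    return True

ENV = {'lo': LOW, 'hi': HIGH}   # constructed: one LOW and one HIGH variable

EXPLICIT_LEAK = ('assign', 'lo', ('var', 'hi'))
IMPLICIT_LEAK = ('if', ('var', 'hi'), ('assign', 'lo', ('lit', 1)), ('assign', 'lo', ('lit', 0)))
SAFE = ('seq', [('assign', 'hi', ('add', ('var', 'lo'), ('var', 'hi'))),
                ('assign', 'lo', ('add', ('var', 'lo'), ('lit', 2)))])
# Semantically harmless (both branches write the same LOW value) but rejected by the
# type system: the static check is sound, not complete.
CONSERVATIVE = ('if', ('var', 'hi'), ('assign', 'lo', ('lit', 1)), ('assign', 'lo', ('lit', 1)))

def classify(stmt, env=ENV):
    """Report both the static verdict and the semantic property for one program."""
    return {'well_typed': well_typed(stmt, env), 'noninterfering': noninterfering(stmt, env)}

if __name__ == '__main__':
    for name in ('EXPLICIT_LEAK', 'IMPLICIT_LEAK', 'SAFE', 'CONSERVATIVE'):
        print(f"{name:14} {classify(globals()[name])}")
```

The brute-force check is only feasible because the sample programs are finite; the point of a type system, as the abstract says, is to obtain the guarantee statically, for all inputs, at the price of rejecting some harmless programs such as `CONSERVATIVE`.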
