Probabilistic confinement in a declarative framework

Abstract. We show how to formulate and analyse some security notions in the context of declarative programming. We concentrate on a particular class of security properties, namely the so-called confinement properties. Our reference language is concurrent constraint programming. We use a probabilistic version of this language (PCCP) to highlight via simple program examples the difference between probabilistic and nondeterministic confinement. The different role played by variables in imperative and constraint programming hinders a direct translation of the notion of confinement into our declarative setting. Therefore, we introduce the notion of identity confinement which is more appropriate for constraint languages. Finally, we present an approximating probabilistic semantics which can be used as a base for the analysis of confinement properties, and show its correctness with respect to the operational semantics of PCCP.
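As an added illustration of the distinction the abstract draws between nondeterministic and probabilistic confinement (example code written for this page, not taken from the paper), the following Python model represents a program as a map from a high (secret) input to a probabilistic choice over low (observable) outputs; this encoding as finite distributions is an assumption standing in for PCCP's probabilistic choice, not PCCP syntax.

```python
from fractions import Fraction
from collections import defaultdict

# A "program" maps a secret (high) input to a list of (probability, low_output)
# alternatives, the result of a probabilistic choice between branches.
# Constructed abstraction of PCCP's probabilistic choice; not PCCP syntax.

def outcome_distribution(program, secret):
    """Aggregate the (probability, output) alternatives into one distribution."""
    dist = defaultdict(Fraction)
    for prob, low in program(secret):
        dist[low] += Fraction(prob)
    assert sum(dist.values()) == 1, "probabilities must sum to one"
    return dict(dist)

def nondet_confined(program, secrets):
    """Possibilistic view: the SET of reachable low outputs does not depend on the secret."""
    supports = {frozenset(outcome_distribution(program, h)) for h in secrets}
    return len(supports) == 1

def prob_confined(program, secrets):
    """Probabilistic view: the whole output DISTRIBUTION does not depend on the secret."""
    dists = {tuple(sorted(outcome_distribution(program, h).items())) for h in secrets}
    return len(dists) == 1

# Constructed sample programs over a one-bit secret.
def fair_coin(h):
    # Output is independent of h: confined in both senses.
    return [(Fraction(1, 2), 0), (Fraction(1, 2), 1)]

def biased_by_secret(h):
    # Both outputs stay reachable for every h, so the possibilistic check passes,
    # but the bias of the choice leaks h to an observer who can sample repeatedly.
    p = Fraction(1, 2) if h == 0 else Fraction(3, 4)
    return [(p, 0), (1 - p, 1)]

def copy_secret(h):
    # Direct flow: the low output is the secret, so neither notion holds.
    return [(Fraction(1), h)]

SECRETS = (0, 1)
```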
