Process algebra and non-interference

The information security community has long debated the exact definition of the term "security". Even if we focus on the more modest notion of confidentiality, the precise definition remains controversial. In their seminal paper, Goguen and Meseguer (1982) took an important step towards a formalisation of the absence of information flow with the concept of non-interference. This too was found to have problems and limitations, particularly when applied to systems displaying non-determinism, which led to a proliferation of refinements of the notion; there is still no consensus as to which of these is "correct". We show that this central concept in information security is closely related to a central concept of computer science: the equivalence of systems. The notion of non-interference depends ultimately on our notion of process equivalence. However, what constitutes the equivalence of two processes is itself a deep and controversial question in computer science, with a number of distinct definitions proposed in the literature. We illustrate how several of the leading candidates for a definition of non-interference mirror notions of system equivalence. Casting these security concepts in a process algebraic framework clarifies the relationship between them and allows many results to be carried over regarding, for example, composition and unwinding. We also outline some generalisations of non-interference to handle partial and conditional information flows.
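An added example, not code from the paper: a small Python checker for the hide-versus-block formulation of non-interference used in the CSP literature the paper cites (P with the high events hidden must be equivalent to P with the high events blocked), applied first under trace equivalence and then under failures equivalence, to show how the choice of process equivalence decides whether a non-deterministic system counts as secure. The two transition systems, their state names and event names are constructed for this illustration; failures are computed from the stable states of a finite labelled transition system.

```python
TAU = "tau"  # internal event produced by hiding
def hide(trans, high):
    """P \\ H: high events become internal tau steps."""
    return {(s, TAU if a in high else a, t) for (s, a, t) in trans}
def block(trans, high):
    """P || STOP_H: high events can never occur, so drop their transitions."""
    return {(s, a, t) for (s, a, t) in trans if a not in high}
def tau_closure(trans, states):
    """States reachable from `states` by zero or more tau steps."""
    seen, todo = set(states), list(states)
    while todo:
        s = todo.pop()
        new = {q for (p, a, q) in trans if p == s and a == TAU} - seen
        seen |= new; todo += new
    return frozenset(seen)

def explore(trans, start, low, depth=8):
    """Traces and failures over the low events, up to `depth` events. A failure
    (tr, X) means a stable state (no tau enabled) reached after tr refuses all of X."""
    traces, failures, seen = set(), set(), set()
    frontier = [((), tau_closure(trans, {start}))]
    while frontier:
        tr, cur = frontier.pop()
        if (tr, cur) in seen or len(tr) > depth: continue
        seen.add((tr, cur)); traces.add(tr)
        for s in cur:
            enabled = {a for (p, a, q) in trans if p == s}
            if TAU not in enabled:  # stable: refusals are observable here
                failures.add((tr, frozenset(low - enabled)))
        for a in low:
            nxt = {q for (p, b, q) in trans if p in cur and b == a}
            if nxt:
                frontier.append((tr + (a,), tau_closure(trans, nxt)))
    return traces, failures

def failures_refine(f1, f2):
    """Every failure of f1 is allowed by f2 (refusal sets are subset-closed)."""
    return all(any(t == u and x <= y for (u, y) in f2) for (t, x) in f1)
def noninterference(trans, start, high, low):
    """(trace-secure, failures-secure): is P \\ H equivalent to P || STOP_H?"""
    th, fh = explore(hide(trans, high), start, low)
    tb, fb = explore(block(trans, high), start, low)
    return th == tb, failures_refine(fh, fb) and failures_refine(fb, fh)

HIGH, LOW = {"h"}, {"l1", "l2"}  # constructed alphabets for the two examples
# P: h silently withdraws the offer of l2. Low sees the same traces either way
# but can find l2 refused only after h: trace-secure, not failures-secure.
P = {("s0", "h", "s1"), ("s0", "l1", "s2"), ("s0", "l2", "s3"), ("s1", "l1", "s4")}
# Q: h changes nothing low can observe or refuse: secure under both notions.
Q = {("q0", "h", "q1"), ("q0", "l1", "q2"), ("q1", "l1", "q3")}
```

`noninterference(P, "s0", HIGH, LOW)` returns `(True, False)` and the same call on `Q` returns `(True, True)`: the refusal of `l2` after a hidden `h` is exactly the non-deterministic leak that a trace-based definition misses and a failures-based one catches.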

[1] Steve A. Schneider et al. CSP and Anonymity, 1996, ESORICS.

[2] Steve A. Schneider. Abstraction and Testing, 1999, World Congress on Formal Methods.

[3] Robin Milner et al. Communication and Concurrency, 1989, PHI Series in Computer Science.

[4] J. Todd Wittbold et al. Information Flow in Nondeterministic Systems, 1990, Proceedings of the 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[5] Matthew Hennessy et al. Algebraic Theory of Processes, 1988, MIT Press Series in the Foundations of Computing.

[6] Peter Y. A. Ryan et al. A CSP Formulation of Non-interference and Unwinding, 1991.

[7] Paul H. B. Gardiner. Power Simulation and its Relation to Traces and Failures Refinement, 2000, Electronic Notes in Theoretical Computer Science.

[8] Gavin Lowe et al. Probabilities and Priorities in Timed CSP, 1993.

[9] Jim Woodcock et al. Non-interference through Determinism, 1994, Journal of Computer Security.

[10] Steve A. Schneider et al. Concurrent and Real-time Systems: The CSP Approach, 1999.

[11] Jan Jürjens et al. Secure Information Flow for Concurrent Processes, 2000, CONCUR.

[12] Paul F. Syverson et al. A Logical Approach to Multilevel Security of Probabilistic Systems, 1998, Distributed Computing.

[13] Sylvan Pinsky et al. Absorbing Covers and Intransitive Non-interference, 1995, Proceedings of the 1995 IEEE Symposium on Security and Privacy.

[14] Martín Abadi et al. A Calculus for Cryptographic Protocols: The spi Calculus, 1997, CCS '97.

[15] Peter Y. A. Ryan et al. Process Algebra and Non-interference, 2001.

[16] Colin O'Halloran et al. A Calculus of Information Flow, 1990, ESORICS.

[17] Antti Huima et al. Using Multimodal Logic to Express Conflicting Interests in Security Protocols, 1997, Proceedings of the DIMACS Workshop on Design and Formal Verification of Security Protocols.

[18] Daryl McCullough et al. Specifications for Multi-Level Security and a Hook-Up, 1987, 1987 IEEE Symposium on Security and Privacy.

[19] J. Meseguer et al. Security Policies and Security Models, 1982, 1982 IEEE Symposium on Security and Privacy.

[20] Martín Abadi et al. A Calculus for Cryptographic Protocols: The spi Calculus, 1999, Information and Computation.

[21] John McLean et al. A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions, 1994, Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[22] Andrew William Roscoe et al. The Theory and Practice of Concurrency, 1997.

[23] David Nowak et al. A Unifying Approach to Data-Independence, 2000, CONCUR.

[24] Steve A. Schneider. Abstraction and Testing in CSP, 2000, Formal Aspects of Computing.