Information flow vs. resource access in the asynchronous pi-calculus

We propose an extension of the asynchronous π-calculus in which a variety of security properties may be captured using types. These are an extension of the input/output types for the π-calculus in which I/O capabilities are assigned specific security levels. The main innovation is a uniform typing system that, by varying slightly the allowed set of types, captures different notions of security. We first define a typing system that ensures that processes running at security level σ cannot access resources with a security level higher than σ. The notion of access control guaranteed by this system is formalized in terms of a Type Safety Theorem. We then show that, by restricting the allowed types, our system prohibits implicit information flow from high-level to low-level processes. We prove that low-level behavior cannot be influenced by changes to high-level behavior. This is formalized as a noninterference theorem with respect to may testing.
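The following is an added illustration, not code from the paper and not its actual typing rules: a deliberately simplified checker for a fragment of the asynchronous π-calculus in which each channel carries a read capability and a write capability, each tagged with a security level. Under the access-control reading, a process at level ρ may only use a capability whose level is at or below ρ. Under the stricter information-flow reading, the checker additionally rejects an output by a ρ-level process on a channel whose read capability sits below ρ (a Bell-LaPadula style no-write-down rule, assumed here as the restriction on types; the paper's own side conditions may differ). The two-point lattice, the process syntax, the channel environment and the sample process are all constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Two-point security lattice, low ⊑ high (constructed for this example).
LEVELS = {"low": 0, "high": 1}


def leq(a: str, b: str) -> bool:
    """a ⊑ b in the lattice."""
    return LEVELS[a] <= LEVELS[b]


@dataclass(frozen=True)
class ChanType:
    """I/O type of a channel: level of its read and write capability (None = absent)."""
    read: Optional[str]
    write: Optional[str]


# Asynchronous π-calculus fragment: outputs have no continuation.
@dataclass
class Nil:
    pass


@dataclass
class Output:          # c!<>  (payload omitted; only the channel matters here)
    chan: str


@dataclass
class Input:           # c?(x).P
    chan: str
    body: object


@dataclass
class Par:             # P | Q
    left: object
    right: object


def violations(proc, level: str, env: Dict[str, ChanType], info_flow: bool = False) -> List[str]:
    """Return the list of typing violations for `proc` running at security `level`.

    Access control (always): a capability may be exercised only if its level ⊑ `level`.
    Information flow (info_flow=True): an output is also rejected when the channel's read
    capability is strictly below `level`, so a high process can never write where a low
    process can read (assumed no-write-down restriction).
    """
    errs: List[str] = []

    def go(p) -> None:
        if isinstance(p, Nil):
            return
        if isinstance(p, Par):
            go(p.left)
            go(p.right)
            return
        t = env[p.chan]
        if isinstance(p, Output):
            if t.write is None or not leq(t.write, level):
                errs.append(f"{level} process may not write on {p.chan}")
            elif info_flow and t.read is not None and not leq(level, t.read):
                errs.append(f"write-down: {level} process writes on {p.chan} readable at {t.read}")
        elif isinstance(p, Input):
            if t.read is None or not leq(t.read, level):
                errs.append(f"{level} process may not read on {p.chan}")
            go(p.body)   # the continuation runs at the same level

    go(proc)
    return errs


# Constructed environment: one low channel, one high channel.
ENV = {
    "lo": ChanType(read="low", write="low"),
    "hi": ChanType(read="high", write="high"),
}

# Constructed sample: hi?(x).lo!<>  -- a low observer sees the lo output only if
# something arrived on hi, an implicit flow from high to low.
LEAK = Input("hi", Output("lo"))


def demo() -> Dict[str, List[str]]:
    """Run the three checks discussed in the lead-in and return their violation lists."""
    return {
        "low reads hi (access control)": violations(Input("hi", Nil()), "low", ENV),
        "leak at high, access control only": violations(LEAK, "high", ENV),
        "leak at high, information flow": violations(LEAK, "high", ENV, info_flow=True),
    }


if __name__ == "__main__":
    for name, errs in demo().items():
        print(f"{name}: {'ok' if not errs else errs}")
```

The point the example makes is the one the abstract draws: `LEAK` is well typed under access control alone (a high process is allowed to use low capabilities), yet it lets low-level behaviour depend on high-level behaviour, so a noninterference result needs the further restriction on which types are admitted.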
