Action Refinement in Process Algebra and Security Issues

In the design process of distributed systems we may have to replace abstract specifications of components by more concrete specifications, thus providing more detailed design information. In the context of process algebra, this well-known approach is often referred to as action refinement. We study the relationships between action refinement and security properties within the Security Process Algebra (SPA). First we formalize the concept of action refinement as a structural inductive transformation. Then we prove several compositional results which can be exploited in the stepwise development of processes. Finally, we consider information flow security properties for SPA processes and define a decidable class of secure processes which is closed under refinement.
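The structural inductive transformation described above, illustrated with an added Python example that is not the paper's own definitions or code: a toy CCS/SPA-style term language in which refining an action replaces each of its prefixes by a sequential process, plus a constructed check that a refinement of a low-level action introduces no high-level actions. The calculus fragment (no restriction or relabelling), the `seq` construction and the `level_preserving` check are assumptions made for this example.

```python
from collections import namedtuple
from typing import Dict, FrozenSet

# Terms of a small CCS/SPA-style calculus (constructed here, not the paper's own syntax):
# 0, a.P, P + Q and P | Q. Restriction and relabelling are omitted for brevity.
Nil = namedtuple("Nil", "")
Prefix = namedtuple("Prefix", "action cont")
Choice = namedtuple("Choice", "left right")
Par = namedtuple("Par", "left right")

def actions(p) -> FrozenSet[str]:
    """Action names occurring syntactically in the term p."""
    if isinstance(p, Nil):
        return frozenset()
    if isinstance(p, Prefix):
        return frozenset({p.action}) | actions(p.cont)
    return actions(p.left) | actions(p.right)

def seq(q, cont):
    """q followed by cont: every terminating leaf 0 of q is replaced by cont.
    Assumes q is sequential (no parallel composition), since CCS has no ';' operator."""
    if isinstance(q, Nil):
        return cont
    if isinstance(q, Prefix):
        return Prefix(q.action, seq(q.cont, cont))
    if isinstance(q, Choice):
        return Choice(seq(q.left, cont), seq(q.right, cont))
    raise ValueError("the refining process must be sequential")

def refine(p, a, q):
    """Structural induction over p: every prefix a.P becomes q followed by the refined P."""
    if isinstance(p, Nil):
        return p
    if isinstance(p, Prefix):
        cont = refine(p.cont, a, q)
        return seq(q, cont) if p.action == a else Prefix(p.action, cont)
    return type(p)(refine(p.left, a, q), refine(p.right, a, q))  # Choice or Par

def level_preserving(a: str, q, level: Dict[str, str]) -> bool:
    """Assumed sanity check: q uses only actions of a's security level ('H' or 'L')."""
    return all(level[b] == level[a] for b in actions(q))

# Constructed sample: a low-level "open" action is refined into a two-step handshake,
# while a parallel high-level audit action is left untouched.
SPEC = Par(Prefix("open", Prefix("data", Nil())), Prefix("h_audit", Nil()))
OPEN_IMPL = Prefix("syn", Prefix("synack", Nil()))
LEVEL = {"open": "L", "data": "L", "syn": "L", "synack": "L", "h_audit": "H"}
REFINED = refine(SPEC, "open", OPEN_IMPL)
```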
