Hidden-Markov program algebra with iteration

We use hidden Markov models to motivate a quantitative compositional semantics for noninterference-based security with iteration, including a refinement- or 'implements' relation that compares two programs with respect to their information leakage; and we propose a program algebra for source-level reasoning about such programs, in particular as a means of establishing that an 'implementation' program leaks no more than its 'specification' program. This joins two themes: we extend our earlier work, having iteration but only qualitative (Morgan 2009), by making it quantitative; and we extend our earlier quantitative work (McIver et al. 2010) by including iteration. We advocate stepwise refinement and source-level program algebra - both as conceptual reasoning tools and as targets for automated assistance. A selection of algebraic laws is given to support this view in the case of quantitative noninterference; and it is demonstrated on a simple iterated password-guessing attack.

[1]  Carroll Morgan The Shadow Knows: Refinement of Ignorance in Sequential Programs , 2006, MPC.

[2]  R. Ash,et al.  Real analysis and probability , 1975 .

[3]  José Meseguer,et al.  Unwinding and Inference Control , 1984, 1984 IEEE Symposium on Security and Privacy.

[4]  Pasquale Malacaria,et al.  Risk assessment of security threats for looping constructs , 2010, J. Comput. Secur..

[5]  Nasser M. Nasrabadi,et al.  Pattern Recognition and Machine Learning , 2006, Technometrics.

[6]  David Clark,et al.  An Interval-based Abstraction for Quantifying Information Flow , 2009, QAPL.

[7]  Harry Cohn A ratio limit theorem for the finite nonhomogeneous Markov chains , 1974 .

[8]  Ali E. Abdallah,et al.  Communicating Sequential Processes: The First 25 Years, Symposium on the Occasion of 25 Years of CSP, London, UK, July 7-8, 2004, Revised Invited Papers , 2005, 25 Years CSP.

[9]  Annabelle McIver,et al.  Probabilistic predicate transformers , 1996, TOPL.

[10]  David Sands,et al.  Probabilistic noninterference for multi-threaded programs , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[11]  Niklaus Wirth,et al.  Program development by stepwise refinement , 1971, CACM.

[12]  S. Hart,et al.  Termination of Probabilistic Concurrent Programs. , 1982 .

[13]  Annabelle McIver,et al.  Probabilistic Models for the Guarded Command Language , 1997, Sci. Comput. Program..

[14]  Geoffrey Smith,et al.  Probabilistic noninterference through weak probabilistic bisimulation , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[15]  Prakash Panangaden,et al.  Probability of Error in Information-Hiding Protocols , 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[16]  Christopher M. Bishop,et al.  Pattern Recognition and Machine Learning (Information Science and Statistics) , 2006 .

[17]  Joseph Y. Halpern,et al.  Secrecy in Multiagent Systems , 2008, TSEC.

[18]  Eugenio Moggi,et al.  Computational lambda-calculus and monads , 1989, [1989] Proceedings. Fourth Annual Symposium on Logic in Computer Science.

[19]  Carroll Morgan,et al.  Proof rules for probabilistic loops , 1996 .

[20]  E. J. McShane Jensen's inequality , 1937 .

[21]  Paul R. Halmos,et al.  The Legend of John Von Neumann , 1973 .

[22]  Birgit Pfitzmann,et al.  Computational probabilistic noninterference , 2002, International Journal of Information Security.

[23]  A. W. Roscoe An Alternative Order for the Failures Model , 1992, J. Log. Comput..

[24]  Annabelle McIver,et al.  Abstraction, Refinement And Proof For Probabilistic Systems (Monographs in Computer Science) , 2004 .

[25]  A. Tarski A LATTICE-THEORETICAL FIXPOINT THEOREM AND ITS APPLICATIONS , 1955 .

[26]  Carroll Morgan The Shadow Knows: Refinement and security in sequential programs , 2009, Sci. Comput. Program..

[27]  Yuxin Deng,et al.  The Kantorovich Metric in Computer Science: A Brief Survey , 2009, QAPL.

[28]  Micha Sharir,et al.  Termination of Probabilistic Concurrent Program , 1983, TOPL.

[29]  David A. Basin,et al.  An information-theoretic model for adaptive side-channel attacks , 2007, CCS '07.

[30]  David Clark,et al.  Quantitative Analysis of Secure Information Flow via Probabilistic Semantics , 2009, 2009 International Conference on Availability, Reliability and Security.

[31]  I. Sonin,et al.  The Decomposition-Separation Theorem for Finite Nonhomogeneous Markov Chains and Related Problems , 2007 .

[32]  Catuscia Palamidessi,et al.  Quantitative Notions of Leakage for One-try Attacks , 2009, MFPS.

[33]  Carroll Morgan Compositional noninterference from first principles , 2010, Formal Aspects of Computing.

[34]  Roman Fric,et al.  A Categorical Approach to Probability Theory , 2010, Stud Logica.

[35]  Hirotoshi Yasuoka,et al.  Quantitative Information Flow - Verification Hardness and Possibilities , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[36]  Annabelle McIver,et al.  Compositional Closure for Bayes Risk in Probabilistic Noninterference , 2010, ICALP.

[37]  Greg Nelson,et al.  A generalization of Dijkstra's calculus , 1989, ACM Trans. Program. Lang. Syst..

[38]  Catuscia Palamidessi,et al.  A Framework for Analyzing Probabilistic Protocols and Its Application to the Partial Secrets Exchange , 2005, TGC.

[39]  Ralph-Johan Back,et al.  Refinement Calculus: A Systematic Introduction , 1998 .

[40]  Catuscia Palamidessi,et al.  Compositional methods for information-hiding † , 2008, Mathematical Structures in Computer Science.

[41]  Dexter Kozen A Probabilistic PDL , 1985, J. Comput. Syst. Sci..

[42]  James H. Martin,et al.  Speech and language processing: an introduction to natural language processing, computational linguistics, and speech recognition, 2nd Edition , 2000, Prentice Hall series in artificial intelligence.

[43]  Carroll Morgan,et al.  Programming from specifications , 1990, Prentice Hall International Series in computer science.

[44]  Franck van Breugel,et al.  The Metric Monad for Probabilistic Nondeterminism , 2006 .

[45]  Mário S. Alvim,et al.  Information Flow in Interactive Systems , 2010, CONCUR.

[46]  C. Jones,et al.  A probabilistic powerdomain of evaluations , 1989, [1989] Proceedings. Fourth Annual Symposium on Logic in Computer Science.

[47]  Annabelle McIver,et al.  Abstraction, Refinement and Proof for Probabilistic Systems , 2004, Monographs in Computer Science.

[48]  Annabelle McIver,et al.  Linear-Invariant Generation for Probabilistic Programs: - Automated Support for Proof-Based Methods , 2010, SAS.

[49]  A. McIver,et al.  Probabilistic affirmation and refutation : Case studies , 2009 .

[50]  Alessandro Aldini,et al.  A Quantitative Approach to Noninterference for Probabilistic Systems , 2004, MEFISTO.

[51]  Geoffrey Smith,et al.  Probabilistic noninterference in a concurrent language , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).