A General Framework for Nondeterministic, Probabilistic, and Stochastic Noninterference

Aldini, Alessandro; Bernardo, Marco

doi:10.1007/978-3-642-03459-6_2

Cited by 5 publications

(9 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, with regard to our running example, since we have proved the compatibility between the router and the low receiver, with a minor effort we may immediately derive the compatibility between the router and several concurrent low receivers, which guarantees the preservation of the noninterference property. We conclude by observing that fine-grain information, such as probability distributions or temporal durations of events, can be added so as to augment the distinguishing power of the noninterference check (see, e.g., [17,5,3] and the references therein). To this aim, the noninterference notion must be defined in terms of behavioral equivalences like, e.g., weak probabilistic bisimilarity and weak Markovian bisimilarity.…”

Section: Discussionmentioning

confidence: 97%

Component-oriented verification of noninterference

Aldini

Bernardo

2011

Journal of Systems Architecture

Self Cite

View full text Add to dashboard Cite

Component-based software engineering often relies on libraries of trusted components that are combined to build dependable and secure software systems. Resource dependences, constraint conflicts, and information flow interferences arising from component combination that may violate security requirements can be revealed by means of the noninterference approach to information flow analysis. However, the security of large component-based systems may be hard to assess in an efficient and systematic way. In this paper, we propose a component-oriented formulation of noninterference that enables compositional security verification driven by system topology. This is realized by implementing scalable noninterference checks in the formal framework of a process algebraic architectural description language equipped with equivalence checking techniques.

show abstract

Section: Discussionmentioning

confidence: 97%

Component-oriented verification of noninterference

Aldini

Bernardo

2011

Journal of Systems Architecture

Self Cite

View full text Add to dashboard Cite

show abstract

“…This bisimulation is defined in the context of both discrete and continuous time Markov chains without any notion of compositionality, and hence of contextuality. Compositionality is considered in [2,5,9], where definitions of weak bisimilarities for stochastic process algebra based on the classical concept of weak action are proposed. Our approach shares with these bisimilarities the idea of ignoring the rates for non-synchronizing (labeled τ) transitions between a state and the others belonging to the same equivalence class.…”

Section: Definition 2 (Lumpable Bisimilarity)mentioning

confidence: 99%

“…Our approach shares with these bisimilarities the idea of ignoring the rates for non-synchronizing (labeled τ) transitions between a state and the others belonging to the same equivalence class. The main difference between our definition and those presented in [2,5,9] is that we explicitly studied the relationships between our lumpable bisimilarity at the process algebra level and the induced lumping of the underlying Markov chains. This led to a coinductive characterization of a notion of contextual lumpability as described in [21].…”

Section: Definition 2 (Lumpable Bisimilarity)mentioning

confidence: 99%

“…The notion of Non-Interference for deterministic systems has been introduced in [17] and it has been extended to non-deterministic systems. Non-Interference has been then studied in different settings such as programming languages [16,30,31], trace models [22,25], cryptographic protocols [1,6,13], process calculi [7,8,12,19,29], probabilistic models [2,10], timed models [14,18], and stochastic models [2].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Persistent Stochastic Non-Interference

Hillston

Piazza

Rossi

2018

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

In this paper we present an information flow security property for stochastic, cooperating, processes expressed as terms of the Performance Evaluation Process Algebra (PEPA). We introduce the notion of Persistent Stochastic Non-Interference (PSNI) based on the idea that every state reachable by a process satisfies a basic Stochastic Non-Interference (SNI) property. The structural operational semantics of PEPA allows us to give two characterizations of PSNI: the first involves a single bisimulation-like equivalence check, while the second is formulated in terms of unwinding conditions. The observation equivalence at the base of our definition relies on the notion of lumpability and ensures that, for a secure process P, the steady state probability of observing the system being in a specific state P ′ is independent from its possible high level interactions.

show abstract

“…The revised methodology is illustrated through its application to a running example based on a multilevel security routing system. The paper, which is an extended version of [3], is organized as follows. In Sect.…”

Section: Trading Security With Performancementioning

confidence: 99%

Weak Behavioral Equivalences for Verifying Secure and Performance-Aware Component-Based Systems

Aldini

Bernardo

2009

Architecting Dependable Systems VI

Self Cite

View full text Add to dashboard Cite

Abstract. Component-based systems are characterized by several orthogonal requirements, ranging from security to quality of service, which may demand for the use of opposite strategies and interfering mechanisms. To achieve a balanced tradeoff among these aspects, we have previously proposed the use of a predictive methodology, which encompasses classical tools such as the noninterference approach to security analysis and standard performance evaluation techniques. The former tool, which is based on equivalence checking, is used to reveal functional dependencies among component behaviors, while the latter tool, which relies on reward-based numerical analysis, is used to study the quantitative impact of these dependencies on the system performance. In order to strengthen the relation between these two different analysis techniques we advocate the use of performance-aware notions of behavioral equivalence as a formal means for detecting functional and performance dependencies and then pinpointing the metrics at the base of a balanced tradeoff. Trading Security with PerformanceOne of the major issues in the design of modern computing systems is trading dependability aspects with the expected quality of service [16,10,15]. A balanced tradeoff is particularly hard to accomplish when the dependability aspect of interest is security and the system under analysis requires the interaction of several, possibly untrusted components performing their activities in wide-area, public networks. As an example, it is commonly recognized that lightweight securing infrastructures like those employed for access control in the setting of the IEEE 802.11 standard for wireless local area networks [26] are able to mitigate the impact of the securing mechanisms on quality of service parameters, such as system throughput and response time, still preserving to a specific extent the properties for which they are introduced.Examples such as this emphasize the importance of integrating the different qualitative and quantitative views of a system in order to understand whether a reasonable balance can be achieved between the satisfaction of security requirements and the expected quality of service. However, foundational approaches to the analysis of secure and performance-aware systems have not successfully

show abstract

A General Framework for Nondeterministic, Probabilistic, and Stochastic Noninterference

Cited by 5 publications

References 23 publications

Component-oriented verification of noninterference

Component-oriented verification of noninterference

Persistent Stochastic Non-Interference

Weak Behavioral Equivalences for Verifying Secure and Performance-Aware Component-Based Systems

Contact Info

Product

Resources

About