A general theory of composition for trace sets closed under selective interleaving functions

McLean, John

doi:10.1109/risp.1994.296590

Cited by 228 publications

(231 citation statements)

References 15 publications

Supporting

Mentioning

227

Contrasting

Unclassified

Order By: Relevance

“…It is known that noninterference is not a safety property [33], [47]. This, however, does not imply that a safe approximation of noninterference cannot be soundly enforced by a monitor (a trivially secure monitor might simply block all executions).…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Dynamic vs. Static Flow-Sensitive Security Analysis

Russo

Sabelfeld

2010

2010 23rd IEEE Computer Security Foundations Symposium

155

216

View full text Add to dashboard Cite

Abstract-This paper seeks to answer fundamental questions about trade-offs between static and dynamic security analysis. It has been previously shown that flow-sensitive static information-flow analysis is a natural generalization of flowinsensitive static analysis, which allows accepting more secure programs. It has been also shown that sound purely dynamic information-flow enforcement is more permissive than static analysis in the flow-insensitive case. We argue that the step from flow-insensitive to flow-sensitive is fundamentally limited for purely dynamic information-flow controls. We prove impossibility of a sound purely dynamic information-flow monitor that accepts programs certified by a classical flow-sensitive static analysis. A side implication is impossibility of permissive dynamic instrumented security semantics for information flow, which guides us to uncover an unsound semantics from the literature. We present a general framework for hybrid mechanisms that is parameterized in the static part and in the reaction method of the enforcement (stop, suppress, or rewrite) and give security guarantees with respect to terminationinsensitive noninterference for a simple language with output.

show abstract

Section: Discussionmentioning

confidence: 99%

“…It is known that noninterference is not a safety property [33], [47]. Precise characterizations of what can be enforced by monitoring have been studied in the literature (e.g., [44], [22]), where noninterference is discussed as an example of a policy that cannot be enforced precisely by dynamic mechanisms.…”

Section: Introductionmentioning

confidence: 99%

Dynamic vs. Static Flow-Sensitive Security Analysis

Russo

Sabelfeld

2010

2010 23rd IEEE Computer Security Foundations Symposium

155

216

View full text Add to dashboard Cite

show abstract

“…Unfortunately, the relation is not strong enough to preserve confidentiality properties in specifications, since it may introduce new conduits of information flow to low-level users [8,9]. This result can be established in our framework by appealing to the following lemma (from [7]).…”

Section: Confidentiality-preserving Refinementmentioning

confidence: 98%

“…Several semantic frameworks (including the MAKS) for expressing a range of confidentiality properties in a uniform manner have been proposed in the security literature [5,6,9,10,12,13,14]. The objective of these frameworks is to consolidate the existing definitions of noninterference-like properties in the literature, in order to evaluate and compare these properties systematically and to enable new confidentiality properties to be defined rigorously.…”

Section: Related Workmentioning

confidence: 99%

Unifying Theories of Confidentiality

Banks

Jacob

2010

Unifying Theories of Programming

View full text Add to dashboard Cite

Abstract. This paper presents a framework for reasoning about the security of confidential data within software systems. A novelty is that we use Hoare and He's Unifying Theories of Programming (UTP) to do so and derive advantage from this choice. We identify how information flow between users can be modelled in the UTP and devise conditions for verifying that system designs may not leak secret information to untrusted users. We also investigate how these conditions can be combined with existing notions of refinement to produce refinement relations suitable for deriving secure implementations of systems.

show abstract

“…Separability is a security property introduced in [20] and has been defined as complete independence between high (confidential) and low level (public) sequences of actions. For this property to hold there should be no interaction between confidential and public sequences of actions (e.g., running these actions as two separate processes without any communication between them).…”

Section: Secure Service Composition Patternsmentioning

confidence: 99%

Designing Secure Service Workflows in BPEL

Pino

Mahbub

Spanoudakis

2014

Service-Oriented Computing

View full text Add to dashboard Cite

This is the accepted version of the paper.This version of the publication may differ from the final published version. Abstract. This paper presents an approach that we have developed to support the design of secure service based applications in BPEL. The approach is based on the use of secure service composition patterns, which are proven to preserve composition level security properties if the services that are composed according to the pattern satisfy other properties individually. The secure service composition patterns are used for two purposes: (a) to analyse whether a given workflow fragment satisfies a given security property, and (b) to generate compositions of services that could substitute for individual services within the workflow that cause the violation of the security properties. Our approach has been implemented in a tool that is based on Eclipse BPEL Designer. Permanent

show abstract

A general theory of composition for trace sets closed under selective interleaving functions

Cited by 228 publications

References 15 publications

Dynamic vs. Static Flow-Sensitive Security Analysis

Dynamic vs. Static Flow-Sensitive Security Analysis

Unifying Theories of Confidentiality

Designing Secure Service Workflows in BPEL

Contact Info

Product

Resources

About