An Automata Based Approach for Verifying Information Flow Properties

D’Souza, Deepak; Raghavendra, K. R.; Sprick, Barbara

doi:10.1016/j.entcs.2005.06.005

Cited by 8 publications

(6 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…We also note that if the property WNI were expressible as a Boolean combination of BSPs, the decision procedure for model-checking BSPs for finite-state systems in [9] would imply that model-checking WNI for finite-state systems is decidable. Hence we can conclude that:…”

Section: Theorem 6 the Problem Of Model-checking The Property Wni Fomentioning

confidence: 99%

Model-checking trace-based information flow properties*

D’Souza

Holla

Raghavendra

et al. 2011

JCS

Self Cite

View full text Add to dashboard Cite

In this paper we consider the problem of verifying trace-based information flow properties for different classes of system models. We begin by proposing an automata-theoretic technique for model-checking trace-based information flow properties for finite-state systems. We do this by showing that Mantel's Basic Security Predicates (BSPs), which were shown to be the building blocks of most trace-based properties in the literature, can be verified in an automated way for finite-state system models. We also consider the problem for the class of pushdown system models, and show that it is undecidable to check such systems for any of the trace-based information flow properties. Finally we consider a simple trace-based property we call "weak non-inference" and show that it is undecidable even for finite-state systems.

show abstract

Section: Theorem 6 the Problem Of Model-checking The Property Wni Fomentioning

confidence: 99%

Model-checking trace-based information flow properties*

D’Souza

Holla

Raghavendra

et al. 2011

JCS

Self Cite

View full text Add to dashboard Cite

show abstract

“…The complexity of verifying these basic properties has been studied [22]. A few works have considered richer systems models than finite state systems, e.g.…”

Section: Related Workmentioning

confidence: 99%

“…Union(s · a, t · a) ; 22 if obs u (s · a) = obs u (t · a) then 23 return compute-witness(s · a, t · a, , ) ; 24 return "secure" add ((s · a, t · a), (s, t), (a, a)) to store; 23 insert (s · a, t · a) into the list P ;…”

unclassified

The Complexity of Intransitive Noninterference

Eggert

Meyden

Schnoor

et al. 2011

2011 IEEE Symposium on Security and Privacy

View full text Add to dashboard Cite

Abstract-1 The paper considers several definitions of information flow security for intransitive policies from the point of view of the complexity of verifying whether a finite-state system is secure. The results are as follows. Checking (i) P-security (Goguen and Meseguer), (ii) IPsecurity (Haigh and Young), and (iii) TA-security (van der Meyden) are all in PTIME, while checking TO-security (van der Meyden) is undecidable. The most important ingredients in the proofs of the PTIME upper bounds are new characterizations of the respective security notions, which also enable the algorithms to return simple counterexamples demonstrating insecurity. Our results for IPsecurity improve a previous doubly exponential bound of Hadj-Alouane et al.

show abstract

“…In [9] the authors consider the complexity of many non-interference verification problems but synthesis is not addressed. In [10] an exponential time decision procedure for checking whether a finite state system satisfies a given Basic − → q, and iv) time continuity:…”

Section: Introductionmentioning

confidence: 99%

Control and synthesis of non-interferent timed systems

Benattar¹,

Cassez

Lime

et al. 2014

International Journal of Control

View full text Add to dashboard Cite

In this paper, we focus on the synthesis of secure timed systems which are modelled as timed automata. The security property that the system must satisfy is a non-interference property. Intuitively, non-interference ensures the absence of any causal dependency from a high-level domain to a lower-level domain. Various notions of non-interference have been defined in the literature, and in this paper we focus on Strong Non-deterministic Non-Interference (SNNI) and two (bi)simulation based variants thereof (CSNNI and BSNNI). We consider timed non-interference properties for timed systems specified by timed automata and we study the two following problems: (1) check whether it is possible to find a sub-system so that it is non-interferent; if yes (2) compute a (largest) sub-system which is non-interferent.Security Predicate (BSP) is presented but the synthesis problem is not addressed. Recently supervisory control for opacity property has been studied in [11], [12], [13] in the untimed setting. Opacity is undecidable for timed systems [14] and thus the associated control problem is undecidable as well. In [15] the controller synthesis problem for non-interference properties is addressed for untimed systems. In [16], supervisory control to enforce Intransitive non-interference for three level security systems is proposed in the untimed setting.The non-interference synthesis problem for dense-time systems specified by timed automata was first considered in [17]. The non-interference property considered in [17] is the state non-interference property, which is less demanding than the one we consider here. This paper extends the results of [18] about SNNI control problems for timed systems: Section V addresses the SNNI control problem for timed systems and is a detailed presentation of the result of [18] with proofs of the theorems that were unpublished. Sections III and IV are new and the latter provides a new result, Theorem 2. Section VI addresses the CSNNI and BSNNI control problems for timed systems and also contains new results: Theorems 9, 10, 11 and Propositions 4 and 5.Our Contribution. In this paper, we first exhibit a class dTA of timed automata for which the SNNI verification problem is decidable. The other main results are: (1) we prove that deciding whether there is a controller C for a timed automaton A such that (s.t. in the following) C(A) is SNNI, is decidable for the previous class dTA;(2) we reduce the SNNI controller synthesis problem to solving a sequence of safety timed games; (3) we show that there is not always a most permissive controller for CSNNI and BSNNI; (4) we prove that the control problem for CSNNI is decidable for the class dTA and that the CSNNI controller synthesis problem for dTA reduces to the SNNI controller synthesis problem. We also give the theoretical complexities of these problems. Organization of the paper. Section II recalls the basics of timed automata, timed languages and some results on safety timed games. Section III gives the definition of the non-interference propertie...

show abstract

An Automata Based Approach for Verifying Information Flow Properties

Cited by 8 publications

References 10 publications

Model-checking trace-based information flow properties*

Model-checking trace-based information flow properties*

The Complexity of Intransitive Noninterference

Control and synthesis of non-interferent timed systems

Contact Info

Product

Resources

About