Model-checking trace-based information flow properties*

D’Souza, Deepak; Holla, Raveendra; Raghavendra, K. R.; Sprick, Barbara

doi:10.3233/jcs-2010-0400

Cited by 9 publications

(13 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus the low observation of the process is not influenced in any way by its high behavior. In 2011, D'Souza et al [27] propose an automata-theoretic technique for model checking Mantel's BSPs. The proposed model checking approach is based on deciding set inclusion on regular languages.…”

Section: Related Workmentioning

confidence: 99%

Verifying Observational Determinism

Karimpour

Isazadeh

Noroozi

2015

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

Part 1: PrivacyInternational audienceThis paper proposes an approach to verify information flow security of concurrent programs. It discusses a hyperproperty called observational determinism which aims to ensure secure information flow in concurrent programs, and proves how this hyperproperty can be verified by stutter equivalence checking. More precisely, it defines observational determinism in terms of stutter equivalence of all traces having the same low initial value and shows how stutter trace equivalence can be verified by computing a divergence stutter bisimulation quotient. The approach is illustrated by verifying a small example

show abstract

Section: Related Workmentioning

confidence: 99%

Verifying Observational Determinism

Karimpour

Isazadeh

Noroozi

2015

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

show abstract

“…Recent work [12] has proposed an automata-theoretic technique for model checking the possibilistic information flow hyperproperties from Mantel's framework [19] on finite state systems. To that end the authors show how to model check Mantel's BSPs, which are the building blocks of the respective holistic hyperproperties.…”

Section: Related Workmentioning

confidence: 99%

Towards Incrementalization of Holistic Hyperproperties

Milushev

Clarke

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract.A hyperproperty is a set of sets of finite or infinite traces over some fixed alphabet and can be seen as a very generic system specification. In this work, we define the notions of holistic and incremental hyperproperties. Systems specified holistically tend to be more intuitive but difficult to reason about, whereas incremental specifications have a straightforward verification approach. Since most interesting securityrelated hyperproperties are in the syntactic class of holistic hyperproperties, we introduce the process of incrementalization to convert holistic specifications into incremental ones. We then present three incrementalizable classes of holistic hyperproperties and a respective verification method.

show abstract

“…This issue has been addressed in [Rushby 1992], by comparing observations of visible actions in runs of a system (hence including runs containing non-declassified confidential actions), and observations of visible actions in runs of the same system that only contain confidential actions that are declassified afterwards. Most IFPs have been expressed as combinations of basic security predicates (BSPs) [Mantel 2000;2001;D'Souza et al 2011] or as a behavioral equivalence under observation contexts [Focardi and Gorrieri 2001]. A systematic presentation of IFPs can be found, e.g., in [Mantel 2000;2001;Focardi and Gorrieri 2001].…”

Section: Introductionmentioning

confidence: 99%

“…Very few results address IFPs for unbounded models. BSPs and NI are proved undecidable for pushdown systems, but decidability was obtained for small subclasses of context-free languages [D'Souza et al 2011]. Decidability of a bisimulation-based strengthened version of NI called non-deducibility on composition (NDC) for unbounded Petri nets is proved in [Best et al 2010].…”

Section: Introductionmentioning

confidence: 99%

“…This model, standardized by the ITU [ITU-T 2011], is well accepted to represent executions of distributed systems, where security problems are of primary concern. We first define a class of IFPs on HMSCs, as an inclusion relation on observations, following [Focardi and Gorrieri 2001;D'Souza et al 2011] and [Bérard and Mullins 2014]. To keep IFPs within a true concurrency setting, observations of HMSCs are defined as partial orders.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Non-interference in Partial Order Models

Bérard

Hélouët

Mullins

2016

ACM Trans. Embed. Comput. Syst.

View full text Add to dashboard Cite

Non-interference (NI) is a property of systems stating that confidential actions should not cause effects observable by unauthorized users. Several variants of NI have been studied for many types of models, but rarely for true concurrency or unbounded models. This work investigates NI for High-level Message Sequence Charts (HMSC), a scenario language for the description of distributed systems, based on composition of partial orders. We first propose a general definition of security properties in terms of equivalence among observations of behaviors. Observations are naturally captured by partial order automata, a formalism that generalizes HMSCs and permits to assemble partial orders. We show that equivalence or inclusion properties for HMSCs (hence for partial order automata) are undecidable, which means in particular that NI is undecidable for HMSCs. We hence consider decidable subclasses of partial order automata and HMSCs. Finally, we define weaker local properties, describing situations where a system is attacked by a single agent, and show that local NI is decidable. We then refine local NI to a finer notion of causal NI that emphasizes causal dependencies between confidential actions and observations, and extend it to causal NI with (selective) declassification of confidential events. Checking whether a system satisfies local and causal NI and their declassified variants are PSPACE-complete problems.

show abstract

Model-checking trace-based information flow properties*

Cited by 9 publications

References 23 publications

Verifying Observational Determinism

Verifying Observational Determinism

Towards Incrementalization of Holistic Hyperproperties

Non-interference in Partial Order Models

Contact Info

Product

Resources

About