Information Flow Security for Stochastic Processes

In this paper we study an information flow security property for systems specified as terms of a quantitative process algebra, namely Performance Evaluation Process Algebra (PEPA). Intuitively, we propose a quantitative extension of the Non-Interference property used to secure systems from the functional point view by assuming that the observers are able to measure also the timing properties of the system, e.g., the response time or the throughput. We introduce the notion of Persistent Stochastic Non-Interference (PSNI) and provide two characterizations of it: one based on a bisimulation-like equivalence relation inducing a lumping on the underlying Markov chain, and another one based on unwinding conditions which demand properties of individual actions. These two different characterizations naturally lead to efficient methods for the verification and construction of secure systems. A decision algorithm for PSNI is presented and an application of PSNI to a queueing system is discussed

Persistent Stochastic Non-Interference

In this paper we present an information flow security property for stochastic, cooperating, processes expressed as terms of the Performance Evaluation Process Algebra (PEPA). We introduce the notion of Persistent Stochastic Non-Interference (PSNI) based on the idea that every state reachable by a process satisfies a basic Stochastic Non-Interference (SNI) property. The structural operational semantics of PEPA allows us to give two characterizations of PSNI: the first involves a single bisimulation-like equivalence check, while the second is formulated in terms of unwinding conditions. The observation equivalence at the base of our definition relies on the notion of lumpability and ensures that, for a secure process P, the steady state probability of observing the system being in a specific state P' is independent from its possible high level interactions.Comment: In Proceedings EXPRESS/SOS 2018, arXiv:1808.0807

Controlling Information Release in the pi-calculus

We introduce a notion of controlled information release for a typed version of the pi-calculus extended with declassification primitives; this property scales to noninterference when downgrading is not allowed. We provide various characterizations of controlled release, based on a typed behavioural equivalence relative to a security level s, which captures the idea of externalbobservers of level s. First, we define our security property through a universal quantification over all the possible active attackers, i.e., malicious processes which interact with the system possibly leaking secret information. Then we characterize the controlled release property in terms of an unwinding condition, which deals with so-called passive attackers trying to infer confidential information just by observing the behaviour of the system. Furthermore, we express controlled information release in terms of partial equivalence relations (per models, for short) in the style of a stream of similar studies for imperative and multi-threaded languages. We show that the controlled release property is compositional with respect to most operators of the language leading to efficient proof techniques for the verification and the construction of (compositional) secure systems