10,226 research outputs found
Opacity with Orwellian Observers and Intransitive Non-interference
Opacity is a general behavioural security scheme flexible enough to account
for several specific properties. Some secret set of behaviors of a system is
opaque if a passive attacker can never tell whether the observed behavior is a
secret one or not. Instead of considering the case of static observability
where the set of observable events is fixed off line or dynamic observability
where the set of observable events changes over time depending on the history
of the trace, we consider Orwellian partial observability where unobservable
events are not revealed unless a downgrading event occurs in the future of the
trace. We show how to verify that some regular secret is opaque for a regular
language L w.r.t. an Orwellian projection while it has been proved undecidable
even for a regular language L w.r.t. a general Orwellian observation function.
We finally illustrate relevancy of our results by proving the equivalence
between the opacity property of regular secrets w.r.t. Orwellian projection and
the intransitive non-interference property
Verification of Information Flow Properties under Rational Observation
Information flow properties express the capability for an agent to infer
information about secret behaviours of a partially observable system. In a
language-theoretic setting, where the system behaviour is described by a
language, we define the class of rational information flow properties (RIFP),
where observers are modeled by finite transducers, acting on languages in a
given family . This leads to a general decidability criterion for
the verification problem of RIFPs on , implying
PSPACE-completeness for this problem on regular languages. We show that most
trace-based information flow properties studied up to now are RIFPs, including
those related to selective declassification and conditional anonymity. As a
consequence, we retrieve several existing decidability results that were
obtained by ad-hoc proofs.Comment: 19 pages, 7 figures, version extended from AVOCS'201
Transforming opacity verification to nonblocking verification in modular systems
We consider the verification of current-state and K-step opacity for systems
modeled as interacting non-deterministic finite-state automata. We describe a
new methodology for compositional opacity verification that employs
abstraction, in the form of a notion called opaque observation equivalence, and
that leverages existing compositional nonblocking verification algorithms. The
compositional approach is based on a transformation of the system, where the
transformed system is nonblocking if and only if the original one is
current-state opaque. Furthermore, we prove that -step opacity can also be
inferred if the transformed system is nonblocking. We provide experimental
results where current-state opacity is verified efficiently for a large
scaled-up system
Probabilistic Opacity for Markov Decision Processes
Opacity is a generic security property, that has been defined on (non
probabilistic) transition systems and later on Markov chains with labels. For a
secret predicate, given as a subset of runs, and a function describing the view
of an external observer, the value of interest for opacity is a measure of the
set of runs disclosing the secret. We extend this definition to the richer
framework of Markov decision processes, where non deterministic choice is
combined with probabilistic transitions, and we study related decidability
problems with partial or complete observation hypotheses for the schedulers. We
prove that all questions are decidable with complete observation and
-regular secrets. With partial observation, we prove that all
quantitative questions are undecidable but the question whether a system is
almost surely non opaque becomes decidable for a restricted class of
-regular secrets, as well as for all -regular secrets under
finite-memory schedulers
- …