Non-interference for deterministic interactive programs

We consider the problem of defining an appropriate notion of non-interference (NI) for deterministic interactive programs. Previous work on the security of interactive programs by O'Neill, Clarkson and Chong (CSFW 2006) builds on earlier ideas due to Wittbold and Johnson (Symposium on Security and Privacy 1990), and argues for a notion of NI defined in terms of strategies modelling the behaviour of users. We show that, for deterministic interactive programs, it is not necessary to consider strategies and that a simple stream model of the users' behaviour is sufficient. The key technical result is that, for deterministic programs, stream-based NI implies the apparently more general strategy-based NI (in fact we consider a wider class of strategies than those of O'Neill et al). We give our results in terms of a simple notion of Input-Output Labelled Transition System, thus allowing application of the results to a large class of deterministic interactive programming languages

Securing Databases from Probabilistic Inference

Databases can leak confidential information when users combine query results with probabilistic data dependencies and prior knowledge. Current research offers mechanisms that either handle a limited class of dependencies or lack tractable enforcement algorithms. We propose a foundation for Database Inference Control based on ProbLog, a probabilistic logic programming language. We leverage this foundation to develop Angerona, a provably secure enforcement mechanism that prevents information leakage in the presence of probabilistic dependencies. We then provide a tractable inference algorithm for a practically relevant fragment of ProbLog. We empirically evaluate Angerona's performance showing that it scales to relevant security-critical problems.Comment: A short version of this paper has been accepted at the 30th IEEE Computer Security Foundations Symposium (CSF 2017

A companion to coalgebraic weak bisimulation for action-type systems

We propose a coalgebraic definition of weak bisimulation for classes of coalgebras obtained from bifunctors in the category Set. Weak bisim-ilarity for a system is obtained as strong bisimilarity of a transformed system. The particular transformation consists of two steps: First, the behavior on actions is lifted to behavior on finite words. Second, the behavior on finite words is taken modulo the hiding of internal or in-visible actions, yielding behavior on equivalence classes of words closed under silent steps. The coalgebraic definition is validated by two cor-respondence results: one for the classical notion of weak bisimulation of Milner, another for the notion of weak bisimulation for generative probabilistic transition systems as advocated by Baier and Hermanns.

Coalgebraic Weak Bisimulation for Action-Type Systems

We propose a coalgebraic definition of weak bisimulation for classes of coalgebras obtained from bifunctors in the category Set. Weak bisimilarity for a system is obtained as strong bisimilarity of a transformed system. The particular transformation consists of two steps: First, the behavior on actions is lifted to behavior on finite words. Second, the behavior on finite words is taken modulo the hiding of internal or invisible actions, yielding behavior on equivalence classes of words closed under silent steps. The coalgebraic definition is validated by two correspondence results: one for the classical notion of weak bisimulation of Milner, another for the notion of weak bisimulation for generative probabilistic transition systems as advocated by Baier and Hermanns

Coalgebraic Weak Bisimulation for Action-Type Systems

We propose a coalgebraic definition of weak bisimulation for classes of coalgebras obtained from bifunctors in the category Set. Weak bisimilarity for a system is obtained as strong bisimilarity of a transformed system. The particular transformation consists of two steps: First, the behavior on actions is lifted to behavior on finite words. Second, the behavior on finite words is taken modulo the hiding of internal or invisible actions, yielding behavior on equivalence classes of words closed under silent steps. The coalgebraic definition is validated by two correspondence results: one for the classical notion of weak bisimulation of Milner, another for the notion of weak bisimulation for generative probabilistic transition systems as advocated by Baier and Hermanns