5,148 research outputs found
Unwinding in Information Flow Security
We study information flow security properties which are persistent, in the sense that if a system is secure then all of its reachable states are secure too. We present a uniform characterization of these properties in terms of a general unwinding schema. This unwinding characterization allows us to prove several compositionality properties of the considered security classes. Moreover, we exploit the unwinding condition to dictate the form of the rules we can use to incrementally develop secure processes and to rectify insecure processes
Unwinding biological systems
Unwinding conditions have been fruitfully exploited in Information Flow Security to define persistent security properties. In this paper we investigate their meaning and possible uses in the analysis of biological systems. In particular, we elaborate on the notion of robustness and propose some instances of unwinding over the process algebra Bio-PEPA and over hybrid automata. We exploit such instances to analyse two case-studies: Neurospora crassa circadian system and Influenza kinetics models
Complexity and Unwinding for Intransitive Noninterference
The paper considers several definitions of information flow security for
intransitive policies from the point of view of the complexity of verifying
whether a finite-state system is secure. The results are as follows. Checking
(i) P-security (Goguen and Meseguer), (ii) IP-security (Haigh and Young), and
(iii) TA-security (van der Meyden) are all in PTIME, while checking TO-security
(van der Meyden) is undecidable, as is checking ITO-security (van der Meyden).
The most important ingredients in the proofs of the PTIME upper bounds are new
characterizations of the respective security notions, which also lead to new
unwinding proof techniques that are shown to be sound and complete for these
notions of security, and enable the algorithms to return simple
counter-examples demonstrating insecurity. Our results for IP-security improve
a previous doubly exponential bound of Hadj-Alouane et al
An Automata Based Approach for Verifying Information Flow Properties
AbstractWe present an automated verification technique to verify trace based information flow properties for finite state systems. We show that the Basic Security Predicates (BSPs) defined by Mantel in [Mantel, H., Possibilistic Definitions of Security – An Assembly Kit, in: Proceedings of the 13th IEEE Computer Security Foundations Workshop (2000), pp. 185–199], which are shown to be the building blocks of known trace based information flow properties, can be characterised in terms of regularity preserving language theoretic operations. This leads to a decision procedure for checking whether a finite state system satisfies a given BSP. Verification techniques in the literature (e.g. unwinding) are based on the structure of the transition system and are incomplete in some cases. In contrast, our technique is language based and complete for all information flow properties that can be expressed in terms of BSPs
Information Security as Strategic (In)effectivity
Security of information flow is commonly understood as preventing any
information leakage, regardless of how grave or harmless consequences the
leakage can have. In this work, we suggest that information security is not a
goal in itself, but rather a means of preventing potential attackers from
compromising the correct behavior of the system. To formalize this, we first
show how two information flows can be compared by looking at the adversary's
ability to harm the system. Then, we propose that the information flow in a
system is effectively information-secure if it does not allow for more harm
than its idealized variant based on the classical notion of noninterference
- …