The PER model of abstract non-interference
Abstract. In this paper, we study the relationship between two models of secure information flow: the PER model (which uses equivalence relations) and the abstract non-interference model (which uses upper closure operators). We embed the lattice of equivalence relations into the lattice of closures, re-interpreting abstract non-interference over the lattice of equivalence relations. For narrow abstract non-interference, we show it is strictly less general. The relational presentation of abstract non-interference leads to a simplified construction of the most concrete harmless attacker. Moreover, the PER model of abstract non-interference allows us to derive unconstrained attacker models, which do not necessarily either observe all public information or ignore all private information. Finally, we show how abstract domain completeness can be used for enforcing the PER model of abstract non-interference
Non-interference for deterministic interactive programs
We consider the problem of defining an appropriate notion of non-interference (NI) for deterministic interactive programs. Previous work on the security of interactive programs by O'Neill, Clarkson and Chong (CSFW 2006) builds on earlier ideas due to Wittbold and Johnson (Symposium on Security and Privacy 1990), and argues for a notion of NI defined in terms of strategies modelling the behaviour of users. We show that, for deterministic interactive programs, it is not necessary to consider strategies and that a simple stream model of the users' behaviour is sufficient. The key technical result is that, for deterministic programs, stream-based NI implies the apparently more general strategy-based NI (in fact we consider a wider class of strategies than those of O'Neill et al). We give our results in terms of a simple notion of Input-Output Labelled Transition System, thus allowing application of the results to a large class of deterministic interactive programming languages
On the Decidability of Non Interference over Unbounded Petri Nets
Non-interference, in transitive or intransitive form, is defined here over
unbounded (Place/Transition) Petri nets. The definitions are adaptations of
similar, well-accepted definitions introduced earlier in the framework of
labelled transition systems. The interpretation of intransitive
non-interference which we propose for Petri nets is as follows. A Petri net
represents the composition of a controlled and a controller systems, possibly
sharing places and transitions. Low transitions represent local actions of the
controlled system, high transitions represent local decisions of the
controller, and downgrading transitions represent synchronized actions of both
components. Intransitive non-interference means the impossibility for the
controlled system to follow any local strategy that would force or dodge
synchronized actions depending upon the decisions taken by the controller after
the last synchronized action. The fact that both language equivalence and
bisimulation equivalence are undecidable for unbounded labelled Petri nets
might be seen as an indication that non-interference properties based on these
equivalences cannot be decided. We prove the opposite, providing results of
decidability of non-interference over a representative class of infinite state
systems. Comment: In Proceedings SecCo 2010, arXiv:1102.516
Opacity with Orwellian Observers and Intransitive Non-interference
Opacity is a general behavioural security scheme flexible enough to account
for several specific properties. Some secret set of behaviors of a system is
opaque if a passive attacker can never tell whether the observed behavior is a
secret one or not. Instead of considering the case of static observability
where the set of observable events is fixed off line or dynamic observability
where the set of observable events changes over time depending on the history
of the trace, we consider Orwellian partial observability where unobservable
events are not revealed unless a downgrading event occurs in the future of the
trace. We show how to verify that some regular secret is opaque for a regular
language L w.r.t. an Orwellian projection while it has been proved undecidable
even for a regular language L w.r.t. a general Orwellian observation function.
We finally illustrate relevancy of our results by proving the equivalence
between the opacity property of regular secrets w.r.t. Orwellian projection and
the intransitive non-interference property
On interference and non-interference in the SMEFT
We discuss interference in the limit in the
Standard Model Effective Field Theory (SMEFT). Dimension six operators that
contribute to scattering events can experience a suppression of interference effects
with the Standard Model in this limit. This occurs for subsets of phase space
in some helicity configurations. We show that approximating these scattering
events by on-shell scattering results for intermediate
unstable gauge bosons, and using the narrow width approximation, can miss
interference terms present in the full phase space. Such interference terms can
be uncovered using off-shell calculations as we explicitly show and calculate.
We also study the commutation relation between the SMEFT expansion and the
narrow width approximation, and discuss some phenomenological implications of
these results. Comment: 19 pages, 3 figures. Updated to published JHEP versio
Liberal approaches to ranking infinite utility streams: When can we avoid interferences?
In this work we analyse social welfare relations on sets of infinite utility streams that verify various types of liberal non-interference principles. Earlier contributions have established that (finitely) anonymous and strongly Paretian quasiorderings exist that agree with axioms of that kind together with weak preference continuity and further consistency. Nevertheless Mariotti and Veneziani prove that a fully liberal non-interfering view of a finite society leads to dictatorship if weak Pareto optimality is imposed. We first prove that extending the horizon to infinity produces a reversal of such impossibility result. Then we investigate a related problem: namely, the possibility of combining “standard” semicontinuity with efficiency in the presence of non-interference. We provide several impossibility results that prove that there is a generalised incompatibility between continuity and non-interference principles, both under ordinal and cardinal views of the problem. Our analysis ends with some insights on the property of representability in the presence of non-interference assumptions. In particular we prove that all social welfare functions that verify a very mild efficiency property must exert some interference (penalising both adverse and favorable changes) on the affairs of particular generations. Pareto axiom; Intergenerational justice; Social welfare relation; Non-interference; Continuity
Distributed Non-Interference
Information flow security properties were defined some years ago (see, e.g.,
the surveys \cite{FG01,Ry01}) in terms of suitable equivalence checking
problems. These definitions were provided by using sequential models of
computations (e.g., labeled transition systems \cite{GV15}), and interleaving
behavioral equivalences (e.g., bisimulation equivalence \cite{Mil89}). More
recently, the distributed model of Petri nets has been used to study
non-interference in \cite{BG03,BG09,BC15}, but also in these papers an
interleaving semantics was used. We argue that in order to capture all the
relevant information flows, truly-concurrent behavioral equivalences must be
used. In particular, we propose for Petri nets the distributed non-interference
property, called DNI, based on branching place bisimilarity
\cite{Gor21b}, which is a sensible, decidable equivalence for finite Petri nets
with silent moves. Then we focus our attention on the subclass of Petri nets
called finite-state machines, which can be represented (up to
isomorphism) by the simple process algebra CFM \cite{Gor17}. DNI is very easily
checkable on CFM processes, as it is compositional, so that it does not
suffer from the state-space explosion problem. Moreover, we show that DNI can
be characterized syntactically on CFM by means of a type system
A unifying Petri net model of non-interference and non-deducibility information flow security
In this paper we introduce FIFO Information Flow Nets (FIFN) as a model for describing information flow security properties. The FIFN is based on Petri nets and has been derived from the work described in [Var89], [Var90] and [Rou86]. Using this new model, we present the information flow security properties Non-Interference between Places (which corresponds to Non-Interference) and Non-Deducibility on Views (which corresponds to Non-Deducibility on Inputs). Then we consider a very general composition operation and show that neither Non-Interference on Places nor Non-Deducibility on Views is preserved under this composition operation. This leads us to a new definition of information flow security referred to as the Feedback Non-Deducibility on Views. We then show that this definition is preserved under the composition operation. We then show some similarities between this property and the notion of Non-Deducibility on Strategies