We address the problem of controlling information leakage in a concurrent declarative programming setting. Our aim is to define formal tools in order to distinguish between authorized, or declared, information flows such as password testing (e.g., ATM, login processes, etc.) and non-authorized ones. We propose to define security policies as rewriting systems. Such policies define how the privacy levels of information evolve. A formal definition of secure processes with respect to a given security policy is given.
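The abstract's idea, a security policy stated as rewrite rules over privacy levels with a declared declassifying function for password testing, can be made concrete in a few dozen lines. The following is an added illustration written for this page, not the paper's own formalism or code: it assumes a two-point lattice LOW < HIGH, a default rule that joins argument levels (ordinary non-interference), and one constructed policy rule declaring that the outcome of `check_password` is LOW although the stored password is HIGH. The names `Labeled`, `apply`, `login`, `leak_attempt` and `can_output_on` are all hypothetical.

```python
"""Toy model of a security policy as a rewriting system over privacy levels.

Added illustration, not the paper's formalism. Assumptions (all constructed here):
- two privacy levels, LOW < HIGH, with join = max;
- a policy is a set of rewrite rules  f(l1, ..., ln) -> l  giving the level of
  f's result from the levels of its arguments;
- the default rule (no declared rewrite) is the join of the argument levels,
  i.e. ordinary non-interference;
- a function is "declassifying" when the policy declares a result level strictly
  below the default join, as a password check returning a LOW boolean does.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

LOW, HIGH = 0, 1
LEVEL_NAME = {LOW: "LOW", HIGH: "HIGH"}


@dataclass(frozen=True)
class Labeled:
    """A value paired with its privacy level."""
    value: object
    level: int


Policy = Dict[str, Callable[[Tuple[int, ...]], int]]


def default_rule(arg_levels):
    """Ordinary non-interference: the result is at least as secret as any input."""
    return max(arg_levels, default=LOW)


def password_check_rule(arg_levels):
    """Declared declassification (constructed policy rule): the boolean outcome
    of a password test is public even though the stored password is HIGH."""
    return LOW


# Constructed policy: only `check_password` gets a declassifying rewrite rule.
POLICY: Policy = {"check_password": password_check_rule}


def apply(policy, fname, func, *args):
    """Apply `func` to labeled arguments and label the result by rewriting the
    argument levels with the policy rule for `fname` (default: join)."""
    levels = tuple(a.level for a in args)
    rule = policy.get(fname, default_rule)
    return Labeled(func(*(a.value for a in args)), rule(levels))


def is_declassifying(policy, fname, arg_levels):
    """True when the policy lets `fname` lower the level below the default join."""
    rule = policy.get(fname, default_rule)
    return rule(arg_levels) < default_rule(arg_levels)


def login(policy, stored_password, guess):
    """A login process: compares a HIGH stored password with a LOW guess and
    returns the labeled outcome of the test."""
    return apply(policy, "check_password", lambda p, g: p == g,
                 stored_password, guess)


def leak_attempt(policy, stored_password):
    """An undeclared flow: copying the password through an ordinary function
    keeps it HIGH under the default rule, so a LOW channel may not carry it."""
    return apply(policy, "identity", lambda p: p, stored_password)


def can_output_on(labeled, channel_level):
    """Secure-process check: a value may be sent on a channel only if its
    level is at or below the channel's level."""
    return labeled.level <= channel_level


if __name__ == "__main__":
    secret = Labeled("hunter2", HIGH)          # constructed sample password
    outcome = login(POLICY, secret, Labeled("hunter2", LOW))
    print("login result", outcome.value, "labeled", LEVEL_NAME[outcome.level])
    copied = leak_attempt(POLICY, secret)
    print("copied password labeled", LEVEL_NAME[copied.level],
          "- LOW channel allowed:", can_output_on(copied, LOW))
```

The point of the model is the contrast between the two flows: the declared `check_password` rule lets a single boolean about a HIGH value reach a LOW channel, while any undeclared function stays under the join rule and the same value cannot be output. Removing the rule from the policy makes the login outcome HIGH again, which is exactly strict non-interference.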
Non interference

The problem of the preservation of the confidentiality of data is nowadays a prominent feature of computer systems. This is especially true in a context where programs and data may move around using communication networks. The usual theoretical approach to this problem, initiated by Goguen and Meseguer in [7], uses the notion of non-interference. A great deal of work has been done along these lines. A common feature of these works is that they consider information leakage from a very strict point of view, despite the fact that in real-world applications such absolute non-interference properties can hardly be obtained (e.g., [12]). The notion of approximate non-interference (e.g., [11,10]), along with declassification and other weakenings of non-interference (e.g., [15,6]), has only recently been investigated. Following this line of study, we propose a formalization in which the user may declare their security policy. The idea is that the user may declare that some functions are allowed to provoke information leakage. We call such functions declassifying functions. This formalization extends previous works in the expressivity of security policies. A typical example of declassifying functions is given by