Modelling downgrading in information flow security

Bossi, Annalisa; Piazza, Carla; Rossi, Sabina

doi:10.1109/csfw.2004.1310741

Cited by 26 publications

(39 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This work deals with the persistence dimension, but it is not clear how to generalize the definitions to policies richer than HDL. Gorrieri and Vernali [9] define similar notions of noninterference for the H → L and HDL policies on labelled transition systems and elementary Petri nets: the emphasis here is on the particularities of these semantic models rather than essential novelty in the semantics of security, where they essentially follow [5].…”

Section: Related Workmentioning

confidence: 99%

“…Bismulation-based definitions of security (an approach that is closely related to unwinding) are considered in the context of the very specific intransitive policy HDL in [5]. This work deals with the persistence dimension, but it is not clear how to generalize the definitions to policies richer than HDL.…”

Section: Related Workmentioning

confidence: 99%

“…Examples such as this can be addressed using the notion of persistence, which has been factored into a number of definitions in the literature [5,6,18].…”

Section: Persistencementioning

confidence: 99%

See 2 more Smart Citations

Intransitive noninterference in nondeterministic systems

Engelhardt

Meyden

Zhang

2012

Proceedings of the 2012 ACM Conference on Computer and Communications Security

View full text Add to dashboard Cite

This paper addresses the question of how TA-security, a semantics for intransitive information-flow policies in deterministic systems, can be generalized to nondeterministic systems. Various definitions are proposed, including definitions that state that the system enforces as much of the policy as possible in the context of attacks in which groups of agents collude by sharing information through channels that lie outside the system. Relationships between the various definitions proposed are characterized, and an unwindingbased proof technique is developed. Finally, it is shown that on a specific class of systems, access control systems with local nondeterminism, the strongest definition can be verified by checking a simple static property.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Intransitive noninterference in nondeterministic systems

Engelhardt

Meyden

Zhang

2012

Proceedings of the 2012 ACM Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…Nevertheless, they are more suitable in contexts with partial trust, where it would be not realistic to assume that attackers are well typed in a strong way. Interestingly, we can increase the flexibility of our approach by admitting mechanisms for downgrading or declassifying information as done in [3] for CCS. This would allow the process h().ℓ to be deemed secure by declassifying the high action h().…”

Section: Conclusion and Related Workmentioning

confidence: 99%

A Theory of Noninterference for the π-Calculus

Crafa

Rossi

2005

Trustworthy Global Computing

View full text Add to dashboard Cite

Abstract. We develop a theory of noninterference for a typed version of the π-calculus where types are used to assign secrecy levels to channels. We provide two equivalent characterizations of noninterference based on a typed behavioural equivalence relative to a security level σ, which captures the idea of external observers of level σ. The first characterization involves a universal quantification over all the possible active attacks, i.e., malicious processes which interact with the system possibly leaking secret information. The second definition of noninterference is expressed in terms of an unwinding condition, which deals with so-called passive attacks trying to infer confidential information just by observing the behaviour of the system. This unwinding-based characterization naturally leads to efficient methods for the verification and construction of (compositional) secure systems. Furthermore, we characterize noninterference in terms of bisimulation-like (partial) equivalence relations in the style of a stream of similar studies for other process calculi (e.g., CCS and CryptoSPA) and languages (e.g., imperative and multi-threaded languages).

show abstract

“…Mantel and Sand [7] have proposed to introduce a programming annotation for downgrading. Bossi et al [16] develop a theory of downgrading grounded in simulation-based notions of unwinding. Sabelfeld and Sands [17] lay out some general principles and direction for research in this area.…”

Section: Introductionmentioning

confidence: 99%