A temporal logic characterisation of observational determinism

19th IEEE Computer Security Foundations Workshop (CSFW'06) Pub Date : 2006-07-05 DOI:10.1109/CSFW.2006.6

M. Huisman, Pratik Worah, K. Sunesen

{"title":"A temporal logic characterisation of observational determinism","authors":"M. Huisman, Pratik Worah, K. Sunesen","doi":"10.1109/CSFW.2006.6","DOIUrl":null,"url":null,"abstract":"This paper studies observational determinism, a generalisation of non-interference for multi-threaded programs. Standard notions of non-interference only consider input and output of programs, but to ensure the security of multithreaded programs, one has to consider execution traces. In earlier work, Zdancewic and Myers propose to consider a multi-threaded program secure when it behaves deterministic w.r.t. its public (or low) variables, i.e. traces of public variables should not depend on private (or high) variables. This property is called observational determinism. The original definition of observational determinism still allows to reveal private data; this paper corrects this. The main contribution of this paper is a rephrasing of the definition of observational determinism in terms of a temporal logic. This allows to use standard model checking techniques to verify observational determinism, which has the advantage that the verification is automatic and precise. Moreover in case the verification fails, model checking can produce a counterexample. We characterise observational determinism in CTL* and in the polyadic modal mu-calculus. For both logics, model checking algorithms exist","PeriodicalId":131951,"journal":{"name":"19th IEEE Computer Security Foundations Workshop (CSFW'06)","volume":"362 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-07-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"88","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"19th IEEE Computer Security Foundations Workshop (CSFW'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSFW.2006.6","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 88

Abstract

This paper studies observational determinism, a generalisation of non-interference for multi-threaded programs. Standard notions of non-interference only consider input and output of programs, but to ensure the security of multithreaded programs, one has to consider execution traces. In earlier work, Zdancewic and Myers propose to consider a multi-threaded program secure when it behaves deterministic w.r.t. its public (or low) variables, i.e. traces of public variables should not depend on private (or high) variables. This property is called observational determinism. The original definition of observational determinism still allows to reveal private data; this paper corrects this. The main contribution of this paper is a rephrasing of the definition of observational determinism in terms of a temporal logic. This allows to use standard model checking techniques to verify observational determinism, which has the advantage that the verification is automatic and precise. Moreover in case the verification fails, model checking can produce a counterexample. We characterise observational determinism in CTL* and in the polyadic modal mu-calculus. For both logics, model checking algorithms exist

查看原文本刊更多论文

观察决定论的时间逻辑特征

本文研究了观察决定论，即多线程程序不干扰的一种推广。非干扰的标准概念只考虑程序的输入和输出，但是为了确保多线程程序的安全性，必须考虑执行跟踪。在早期的工作中，zdancevic和Myers提出，当一个多线程程序的行为是确定的，即它的公共(或低)变量，即公共变量的跟踪不应该依赖于私有(或高)变量时，就认为它是安全的。这种性质被称为观察决定论。观测决定论的原始定义仍然允许揭示私人数据;本文纠正了这一点。本文的主要贡献是根据时间逻辑对观测决定论的定义进行了重新表述。这允许使用标准模型检查技术来验证观测决定论，其优点是验证是自动和精确的。此外，在验证失败的情况下，模型检查可以产生反例。我们在CTL*和多进模态mu-演算中描述了观测决定论。对于这两种逻辑，都存在模型检查算法

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

19th IEEE Computer Security Foundations Workshop (CSFW'06)

自引率

0.00%

发文量