Non-interference in Partial Order Models

B. Bérard, L. Hélouët, J. Mullins
DOI: 10.1145/2984639 (https://doi.org/10.1145/2984639)
Published in: 2015 15th International Conference on Application of Concurrency to System Design
Publication date: 2015-06-21
Citations: 8

Abstract

Non-interference (NI) is a property of systems stating that confidential actions should not cause effects observable by unauthorized users. Several variants of NI have been studied for many types of models, but rarely for true concurrency or unbounded models. This work investigates NI for High-level Message Sequence Charts (HMSC), a scenario language for the description of distributed systems, based on composition of partial orders. We first propose a general definition of security properties in terms of equivalence among observations, and show that these properties, and in particular NI, are undecidable for HMSCs. We hence consider weaker local properties, describing situations where a system is attacked by a single agent, and show that local NI is decidable. We then refine local NI to a finer notion of causal NI that emphasizes causal dependencies between confidential actions and observations, and extend it to causal NI with (selective) declassification of confidential events. Checking whether a system satisfies local and causal NI and their declassified variants are PSPACE-complete problems.