Probabilistic noninterference for multi-threaded programs

Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13 Pub Date : 2000-07-03 DOI:10.1109/CSFW.2000.856937

A. Sabelfeld, David Sands

{"title":"Probabilistic noninterference for multi-threaded programs","authors":"A. Sabelfeld, David Sands","doi":"10.1109/CSFW.2000.856937","DOIUrl":null,"url":null,"abstract":"We present a probability-sensitive confidentiality specification-a form of probabilistic noninterference-for a small multi-threaded programming language with dynamic thread creation. Probabilistic covert channels arise from a scheduler which is probabilistic. Since scheduling policy is typically outside the language specification for multi-threaded languages, we describe how to generalise the security condition in order to define how to generalise the security condition in order to define robust security with respect to a wide class of schedulers, not excluding the possibility of deterministic (e.g., round-robin) schedulers and program-controlled thread priorities. The formulation is based on an adaptation of Larsen and Skou's (1991) notion of probabilistic bisimulation. We show how the security condition satisfies compositionality properties which facilitate straightforward proofs of correctness for, e.g., security type systems. We illustrate this by defining a security type system which improves on previous multi-threaded systems, and by proving it correct with respect to our stronger scheduler-independent security condition.","PeriodicalId":377637,"journal":{"name":"Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2000-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"342","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSFW.2000.856937","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 342

Abstract

We present a probability-sensitive confidentiality specification-a form of probabilistic noninterference-for a small multi-threaded programming language with dynamic thread creation. Probabilistic covert channels arise from a scheduler which is probabilistic. Since scheduling policy is typically outside the language specification for multi-threaded languages, we describe how to generalise the security condition in order to define how to generalise the security condition in order to define robust security with respect to a wide class of schedulers, not excluding the possibility of deterministic (e.g., round-robin) schedulers and program-controlled thread priorities. The formulation is based on an adaptation of Larsen and Skou's (1991) notion of probabilistic bisimulation. We show how the security condition satisfies compositionality properties which facilitate straightforward proofs of correctness for, e.g., security type systems. We illustrate this by defining a security type system which improves on previous multi-threaded systems, and by proving it correct with respect to our stronger scheduler-independent security condition.

查看原文本刊更多论文

多线程程序的概率不干扰

我们提出了一种概率敏感的机密性规范——一种概率不干扰的形式——用于具有动态线程创建的小型多线程编程语言。概率隐蔽信道产生于一个概率性的调度程序。由于调度策略通常在多线程语言的语言规范之外，我们描述了如何泛化安全条件，以便定义如何泛化安全条件，以便针对广泛的调度器定义健壮的安全性，不排除确定性(例如，循环)调度器和程序控制的线程优先级的可能性。该公式是基于Larsen和Skou(1991)的概率双模拟概念的改编。我们展示了安全条件如何满足组合性属性，这些属性有助于直接证明安全性类型系统的正确性。我们通过定义一个安全类型系统来说明这一点，该系统改进了以前的多线程系统，并通过证明它符合我们更强的与调度程序无关的安全条件。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13

自引率

0.00%

发文量