research-article

Non-interference in Partial Order Models

Published: 19 December 2016

Abstract

Non-interference (NI) is a property of systems stating that confidential actions should not cause effects observable by unauthorized users. Several variants of NI have been studied for many types of models but rarely for true concurrency or unbounded models. This work investigates NI for High-level Message Sequence Charts (HMSCs), a scenario language for the description of distributed systems, based on composition of partial orders. We first propose a general definition of security properties in terms of equivalence among observations of behaviors. Observations are naturally captured by partial order automata, a formalism that generalizes HMSCs and permits assembling partial orders. We show that equivalence or inclusion properties for HMSCs (and hence for partial order automata) are undecidable, which means in particular that NI is undecidable for HMSCs. We hence consider decidable subclasses of partial order automata and HMSCs. Finally, we define weaker local properties, describing situations where a system is attacked by a single agent, and show that local NI is decidable. We then refine local NI to a finer notion of causal NI that emphasizes causal dependencies between confidential actions and observations and extend it to causal NI with (selective) declassification of confidential events. Checking whether a system satisfies local NI, causal NI, or their declassified variants is a PSPACE-complete problem.
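As an added illustration (not code from the paper), the following Python sketch renders the causal-NI idea from the abstract on a constructed MSC-style scenario: a scenario violates it when an observable event lies in the causal future of a confidential event, and selective declassification is modelled by a declassification event that cuts such a flow. The event levels, the `declassify` event and the three-process scenario are assumptions, and the check is a simplified rendering rather than the paper's formal definition.

```python
from collections import defaultdict, deque

# Constructed scenario (not from the paper): events are (process, label, level) with
# level "H" confidential, "L" observable by the attacker, "D" declassification, "N" neither.
# Causality is MSC-style: events on one process are ordered by list position, and
# each send precedes its matching receive.
SCENARIO = [
    ("Alice", "read_secret", "H"),  # 0
    ("Bob",   "send hello",  "N"),  # 1
    ("Eve",   "recv hello",  "L"),  # 2  observable, but concurrent with event 0
    ("Alice", "send notify", "N"),  # 3
    ("Bob",   "recv notify", "N"),  # 4
    ("Bob",   "send ack",    "N"),  # 5
    ("Eve",   "recv ack",    "L"),  # 6  causally after event 0
]
MESSAGES = [(1, 2), (3, 4), (5, 6)]  # (send index, receive index)

def causal_successors(events, messages):
    # Immediate causal successors: process-local order plus message edges.
    succ, last = defaultdict(set), {}
    for i, (proc, _, _) in enumerate(events):
        if proc in last:
            succ[last[proc]].add(i)
        last[proc] = i
    for s, r in messages:
        succ[s].add(r)
    return succ

def causal_ni_violations(events, messages):
    # Pairs (h, l): observable l lies in the causal future of confidential h
    # along some path that passes through no declassification event.
    succ, violations = causal_successors(events, messages), []
    for h in [i for i, e in enumerate(events) if e[2] == "H"]:
        seen, queue = {h}, deque([h])
        while queue:
            for n in succ[queue.popleft()]:
                if n in seen:
                    continue
                seen.add(n)
                if events[n][2] == "L":
                    violations.append((h, n))
                if events[n][2] != "D":  # a declassification event cuts the flow
                    queue.append(n)
    return sorted(violations)

def with_declassification(events, messages, at):
    # Selective declassification: insert a "D" event before events[at] on its process.
    proc = events[at][0]
    events = events[:at] + [(proc, "declassify", "D")] + events[at:]
    return events, [tuple(i + 1 if i >= at else i for i in m) for m in messages]
```

On `SCENARIO` the check reports `[(0, 6)]` (Eve's ack receive depends on Alice's secret read, while her hello receive is concurrent with it); inserting a declassification event before Bob's `send ack` with `with_declassification(SCENARIO, MESSAGES, 5)` removes the violation.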

