Information Flow, Distributed Systems, and Refinement, by Example
  • Journal title: Lecture Notes in Computer Science
  • Publication year: 2017
  • Volume: 10160
  • Issue: 1
  • Pages: 88-103
  • References:
    1. Focardi, R., Gorrieri, R.: The compositional security checker: a tool for the verification of information flow security properties. IEEE Trans. Softw. Eng. 23(9), 550–571 (1997)
    2. Focardi, R., Gorrieri, R.: Classification of security properties. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 331–396. Springer, Heidelberg (2001). doi:10.1007/3-540-45608-2_6
    3. Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Symposium on Security and Privacy (1982)
    4. Guttman, J.D., Rowe, P.D.: A cut principle for information flow. In: IEEE Computer Security Foundations. IEEE Computer Society Press, July 2015
    5. Intel: Intel Software Guard Extensions (Intel SGX) (2016). https://software.intel.com/en-us/sgx
    6. Jacob, J.: Security specifications. In: IEEE Symposium on Security and Privacy, pp. 14–23. IEEE Computer Society (1988)
    7. Morgan, C.: The Shadow Knows: refinement of ignorance in sequential programs. In: Uustalu, T. (ed.) MPC 2006. LNCS, vol. 4014, pp. 359–378. Springer, Heidelberg (2006). doi:10.1007/11783596_21
    8. Roscoe, A.W.: CSP and determinism in security modelling. In: IEEE Security and Privacy, pp. 114–127. IEEE (1995)
    9. Roscoe, A.W.: The Theory and Practice of Concurrency. Prentice-Hall, Upper Saddle River (1997)
    10. Roscoe, A.W., Goldsmith, M.H.: What is intransitive noninterference? In: 12th IEEE Computer Security Foundations Workshop, pp. 228–238. IEEE CS Press, June 1999
    11. Roscoe, A.W., Woodcock, J.C.P., Wulf, L.: Non-interference through determinism. J. Comput. Secur. 4, 27–53 (1996)
    12. Rushby, J.: Noninterference, transitivity, and channel-control security policies. SRI International, Computer Science Laboratory (1992)
    13. Ryan, P.Y.A.: A CSP formulation of noninterference and unwinding. IEEE CSFW 3, 19–30 (1990)
    14. Sabelfeld, A., Sands, D.: Declassification: dimensions and principles. J. Comput. Secur. 17(5), 517–548 (2009)
    15. Sutherland, D.: A model of information. In: 9th National Computer Security Conference. National Institute of Standards and Technology (1986)
  • Author affiliations: Joshua D. Guttman (16) (17)

    16. The MITRE Corporation, Bedford, Massachusetts, USA
    17. Worcester Polytechnic Institute, Worcester, Massachusetts, USA
  • Series title: Concurrency, Security, and Puzzles
  • ISBN: 978-3-319-51046-0
  • Volume order: 10160
Abstract
Non-interference is one of the foundational notions of security, stretching back to Goguen and Meseguer [3]. Roughly, a set of activities C is non-interfering with a set D if any possible behavior at D is compatible with anything that could have occurred at C. One also speaks of “no information flow” from C to D in this case. Many hands further developed the idea and its variants (e.g. [12, 15]), which also flourished within the process calculus context [1, 2, 6, 13]. A.W. Roscoe contributed a characteristically distinctive idea to this discussion, in collaboration with J. Woodcock and L. Wulf. The idea was that a system is secure for flow from C to D when, after hiding behaviors at the source C, the destination D experiences the system as deterministic [8, 11]. In the CSP tradition, a process is deterministic if, whenever it can refuse an event a after engaging in a sequence t of events, it always refuses a after engaging in t [9].
