The Inductive Unwinding Theorem for CSP Noninterference Security

نویسنده

  • Pasquale Noce
چکیده

The necessary and sufficient condition for CSP noninterference security stated by the Ipurge Unwinding Theorem is expressed in terms of a pair of event lists varying over the set of process traces. This does not render it suitable for the subsequent application of rule induction in the case of a process defined inductively, since rule induction may rather be applied to a single variable ranging over an inductively defined set. Starting from the Ipurge Unwinding Theorem, this paper derives a necessary and sufficient condition for CSP noninterference security that involves a single event list varying over the set of process traces, and is thus suitable for rule induction; hence its name, Inductive Unwinding Theorem. Similarly to the Ipurge Unwinding Theorem, the new theorem only requires to consider individual accepted and refused events for each process trace, and applies to the general case of a possibly intransitive noninterference policy. Specific variants of this theorem are additionally proven for deterministic processes and trace set processes.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

The Generic Unwinding Theorem for CSP Noninterference Security

The classical definition of noninterference security for a deterministic state machine with outputs requires to consider the outputs produced by machine actions after any trace, i.e. any indefinitely long sequence of actions, of the machine. In order to render the verification of the security of such a machine more straightforward, there is a need of some sufficient condition for security such ...

متن کامل

The Ipurge Unwinding Theorem for CSP Noninterference Security

The definition of noninterference security for Communicating Sequential Processes requires to consider any possible future, i.e. any indefinitely long sequence of subsequent events and any indefinitely large set of refused events associated to that sequence, for each process trace. In order to render the verification of the security of a process more straightforward, there is a need of some suf...

متن کامل

Noninterference , Transitivity , and Channel - Control Security Policies 1

We consider noninterference formulations of security policies [7] in which the “interferes” relation is intransitive. Such policies provide a formal basis for several real security concerns, such as channel control [17, 18], and assured pipelines [4]. We show that the appropriate formulation of noninterference for the intransitive case is that developed by Haigh and Young for “multidomain secur...

متن کامل

Coinductive Unwinding of Security-Relevant Hyperproperties

Unwinding relations have been widely used to prove that finite systems are secure with respect to a variety of noninterference policies. The latter are prominent instances of security-relevant hyperproperties. As hyperproperties are defined on potentially infinite systems, a new mathematical development is needed in order to (re)use unwinding relations for generic verification of security-relev...

متن کامل

Coinductive unwinding of security-relevant hyperproperties: extended version

Unwinding relations have been widely used to prove that finite systems are secure with respect to a variety of noninterference policies. The latter are prominent instances of security-relevant hyperproperties. As hyperproperties are defined on potentially infinite systems, a new mathematical development is needed in order to (re)use unwinding relations for generic verification of securityreleva...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:
  • Archive of Formal Proofs

دوره 2015  شماره 

صفحات  -

تاریخ انتشار 2015