The Inductive Unwinding Theorem for CSP Noninterference Security
Abstract
The necessary and sufficient condition for CSP noninterference security stated by the Ipurge Unwinding Theorem is expressed in terms of a pair of event lists varying over the set of process traces. This does not make it suitable for the subsequent application of rule induction in the case of a process defined inductively, since rule induction may rather be applied to a single variable ranging over an inductively defined set. Starting from the Ipurge Unwinding Theorem, this paper derives a necessary and sufficient condition for CSP noninterference security that involves a single event list varying over the set of process traces, and is thus suitable for rule induction; hence its name, Inductive Unwinding Theorem. Like the Ipurge Unwinding Theorem, the new theorem only requires considering individual accepted and refused events for each process trace, and applies to the general case of a possibly intransitive noninterference policy. Specific variants of this theorem are additionally proven for deterministic processes and trace set processes.
Similar references
The Generic Unwinding Theorem for CSP Noninterference Security
The classical definition of noninterference security for a deterministic state machine with outputs requires considering the outputs produced by machine actions after any trace, i.e. any indefinitely long sequence of actions, of the machine. In order to render the verification of the security of such a machine more straightforward, there is a need for some sufficient condition for security such ...
The Ipurge Unwinding Theorem for CSP Noninterference Security
The definition of noninterference security for Communicating Sequential Processes requires considering any possible future, i.e. any indefinitely long sequence of subsequent events and any indefinitely large set of refused events associated to that sequence, for each process trace. In order to render the verification of the security of a process more straightforward, there is a need for some suf...
Noninterference, Transitivity, and Channel-Control Security Policies
We consider noninterference formulations of security policies [7] in which the “interferes” relation is intransitive. Such policies provide a formal basis for several real security concerns, such as channel control [17, 18], and assured pipelines [4]. We show that the appropriate formulation of noninterference for the intransitive case is that developed by Haigh and Young for “multidomain secur...
Coinductive Unwinding of Security-Relevant Hyperproperties
Unwinding relations have been widely used to prove that finite systems are secure with respect to a variety of noninterference policies. The latter are prominent instances of security-relevant hyperproperties. As hyperproperties are defined on potentially infinite systems, a new mathematical development is needed in order to (re)use unwinding relations for generic verification of security-relev...
Coinductive unwinding of security-relevant hyperproperties: extended version
Unwinding relations have been widely used to prove that finite systems are secure with respect to a variety of noninterference policies. The latter are prominent instances of security-relevant hyperproperties. As hyperproperties are defined on potentially infinite systems, a new mathematical development is needed in order to (re)use unwinding relations for generic verification of security-releva...
Journal: Archive of Formal Proofs
Volume: 2015
Publication date: 2015