Probabilistic Noninterference for Multi-Threaded Programs
Authors
Abstract
We present a probability-sensitive confidentiality specification – a form of probabilistic noninterference – for a small multi-threaded programming language with dynamic thread creation. Probabilistic covert channels arise from a scheduler which is probabilistic. Since scheduling policy is typically outside the language specification for multithreaded languages, we describe how to generalise the security condition in order to define robust security with respect to a wide class of schedulers, not excluding the possibility of deterministic (e.g., round-robin) schedulers and program-controlled thread priorities. The formulation is based on an adaptation of Larsen and Skou’s notion of probabilistic bisimulation. We show how the security condition satisfies compositionality properties which facilitate straightforward proofs of correctness for, e.g., security type systems. We illustrate this by defining a security type system which improves on previous multi-threaded systems, and by proving it correct with respect to our stronger scheduler-independent security condition.
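The abstract's two central claims, that a probabilistic scheduler turns a timing difference between branches into a probabilistic covert channel, and that a security condition proved for one scheduler need not hold for another, can be seen concretely on a tiny program. The following is an added illustration, not code from the paper: it models a toy language (skip, assignment, if on a high variable) with two threads, enumerates every interleaving exactly under a uniform scheduler and under a deterministic round-robin scheduler, and compares the distribution of the final low output for the two secret values. Comparing final-output distributions is a trace-level check, weaker than the bisimulation-based condition the paper defines, but it is enough to show the scheduler dependence; the programs, the thread model and the scheduler functions are assumptions constructed for this example.

```python
from fractions import Fraction
from collections import defaultdict

# Toy thread language: a thread is a sequence of atomic commands.
SKIP = ("skip",)

def set_var(name, value):
    return ("set", name, value)

def branch(cond_var, then_cmds, else_cmds):
    # Evaluating the guard costs one step; the chosen branch is then
    # spliced in front of the rest of the thread.
    return ("if", cond_var, tuple(then_cmds), tuple(else_cmds))

def step(state, thread):
    """Execute one atomic step of `thread`; return (new_state, remaining_commands)."""
    cmd, rest = thread[0], thread[1:]
    if cmd[0] == "skip":
        return state, rest
    if cmd[0] == "set":
        new_state = dict(state)
        new_state[cmd[1]] = cmd[2]
        return new_state, rest
    if cmd[0] == "if":
        _, var, then_cmds, else_cmds = cmd
        chosen = then_cmds if state[var] else else_cmds
        return state, chosen + rest
    raise ValueError(cmd)

# A scheduler maps (live thread indices, global tick) to a list of
# (thread index, probability of being picked).
def uniform(live, _tick):
    p = Fraction(1, len(live))
    return [(i, p) for i in live]

def round_robin(live, tick):
    return [(live[tick % len(live)], Fraction(1))]

def final_distribution(state, threads, scheduler, low="l"):
    """Exact distribution of the low variable's final value over all interleavings."""
    dist = defaultdict(Fraction)

    def run(state, threads, tick, prob):
        live = [i for i, t in enumerate(threads) if t]
        if not live:
            dist[state[low]] += prob
            return
        for i, p in scheduler(live, tick):
            new_state, rest = step(state, threads[i])
            new_threads = threads[:i] + (rest,) + threads[i + 1:]
            run(new_state, new_threads, tick + 1, prob * p)

    run(state, tuple(tuple(t) for t in threads), 0, Fraction(1))
    return dict(dist)

def leaks(threads, scheduler, low="l"):
    """True if the final low-output distribution depends on the secret h."""
    d0 = final_distribution({"h": 0, low: None}, threads, scheduler, low)
    d1 = final_distribution({"h": 1, low: None}, threads, scheduler, low)
    return d0 != d1

# Constructed programs. Thread 1 runs a long branch when h is set, then
# writes l := 1; thread 2 writes l := 0. No value of h ever reaches l
# directly; only the timing of the two writes differs.
LEAKY = [
    [branch("h", [SKIP] * 3, [SKIP]), set_var("l", 1)],
    [set_var("l", 0)],
]
# Same program with both branches padded to equal length.
BALANCED = [
    [branch("h", [SKIP] * 3, [SKIP] * 3), set_var("l", 1)],
    [set_var("l", 0)],
]

if __name__ == "__main__":
    for name, prog in (("LEAKY", LEAKY), ("BALANCED", BALANCED)):
        for sched in (uniform, round_robin):
            print(name, sched.__name__, "leaks:", leaks(prog, sched))
    print(final_distribution({"h": 1, "l": None}, LEAKY, uniform))
```

Under the uniform scheduler the leaky program ends with l = 0 with probability 1/32 when h = 1 but 1/8 when h = 0, so an observer who runs it repeatedly learns h. Under round-robin the same program always ends with l = 1 for both secrets, so a condition checked only against a round-robin scheduler would accept it; this is the scheduler dependence the abstract's condition is designed to rule out. Padding the branches to equal length removes the channel for the uniform scheduler.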
Similar references
Confinement Properties for Multi-Threaded Programs
Given a program that has access to some private information, how can we ensure that it does not improperly leak the information? We formalize the desired security property as a property called noninterference. We discuss versions of noninterference appropriate for multi-threaded programs with probabilistic scheduling and describe rules for ensuring noninterference.
Verifying Weak Probabilistic Noninterference
Weak probabilistic noninterference is a security property for enforcing confidentiality in multi-threaded programs. It aims to guarantee secure flow of information in the program and ensure that sensitive information does not leak to attackers. In this paper, the problem of verifying weak probabilistic noninterference by leveraging formal methods, in particular algorithmic verification, is disc...
Weak Probabilistic Bisimulation for Secure Information Flow
This paper proposes a notion of weak probabilistic bisimulation for Markov chains and shows how it can be used to justify the correctness of a recently-published type system for secure information flow. The type system guarantees that well-typed multi-threaded programs running under a uniform probabilistic scheduler satisfy the probabilistic noninterference property.
Probabilistic Noninterference
We formalize a probabilistic noninterference for a multi-threaded language with uniform scheduling, where probabilistic behaviour comes from both the scheduler and the individual threads. We define notions of probabilistic noninterference in two variants: resumption-based and trace-based. For the resumption-based notions, we prove compositionality w.r.t. the language constructs and establish sound...