Semantic Models for Confidentiality

Andrei Sabelfeld

Joint work with David Sands

Department of Computer Science, Chalmers University of Technology, Sweden

Abstract: The problem of confidentiality, or determining what constitutes a secure information flow in a system, is a complex one. As observed by Ryan and Schneider, "this central concept [confidentiality] in information security is closely related to a central concept in computer science: that of the equivalence of systems". In the setting of program confidentiality, whether or not a difference in a program's behaviour is observable by a low-level observer as the sensitive data is varied determines whether or not the program is insecure. Indeed, this observational view induces an equivalence relation on program behaviours in the attacker's view. This talk presents a formalisation of the attacker's view by the mathematical machinery of partial equivalence relations in the case of sequential programs (covering nondeterminism and probabilistic channels) and bisimulations in the case of concurrent programs (covering timing and probabilistic channels). In both cases, we arrive at compositional security specifications which facilitate straightforward soundness proofs for compositional security analyses such as type-based analyses.
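To make the observational view concrete, here is an added illustration (not code from the talk or its authors): the attacker's view is modelled as low-equivalence of states, and a sequential program is checked for noninterference by brute force over all pairs of low-equivalent inputs. The naming convention (variables starting with "h" are secret), the tiny input domain and the two sample programs are assumptions made for this example.

```python
# Added example: noninterference as preservation of the attacker's
# equivalence relation. A program is secure if low-equivalent inputs
# always produce low-equivalent outputs (deterministic, terminating case).
from itertools import product

def low_view(state):
    """The attacker's view of a state: only the public (low) variables."""
    return {k: v for k, v in state.items() if not k.startswith("h")}

def low_equivalent(s1, s2):
    """The equivalence relation induced by the observer's view."""
    return low_view(s1) == low_view(s2)

def noninterferent(program, variables, domain):
    """Return (True, None) if program maps low-equivalent inputs to
    low-equivalent outputs on the whole domain, else (False, witness)."""
    states = [dict(zip(variables, vals))
              for vals in product(domain, repeat=len(variables))]
    for s1 in states:
        for s2 in states:
            if not low_equivalent(s1, s2):
                continue
            out1, out2 = program(dict(s1)), program(dict(s2))
            if not low_equivalent(out1, out2):
                return False, (s1, s2)   # distinguishable by the observer
    return True, None

def secure_prog(s):
    # l := l + 1; h := h * 2   (secret only flows into the secret variable)
    s["l"] = s["l"] + 1
    s["h"] = s["h"] * 2
    return s

def implicit_flow_prog(s):
    # if h > 0 then l := 1 else l := 0   (control flow leaks h into l)
    s["l"] = 1 if s["h"] > 0 else 0
    return s

VARS = ("h", "l")          # constructed: one secret and one public variable
DOMAIN = range(-1, 2)      # constructed: values -1, 0, 1

def check(program):
    return noninterferent(program, VARS, DOMAIN)

if __name__ == "__main__":
    for prog in (secure_prog, implicit_flow_prog):
        ok, witness = check(prog)
        print(prog.__name__, "secure" if ok else f"leaks, witness {witness}")
```

The witness pair returned for the insecure program differs only in the secret variable, yet its outputs differ in the public one, which is exactly the distinction the observer can make.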

Marieke Huisman
Last modified: Mon Apr 23 2001