Semantic Models for Confidentiality
Andrei Sabelfeld
Joint work with David Sands
Department of Computer Science, Chalmers University of Technology,
Sweden
Abstract:
The problem of confidentiality, that is, of determining what constitutes
secure information flow in a system, is a complex one. As observed by
Ryan and Schneider, "this central concept [confidentiality] in
information security is closely related to a central concept in
computer science: that of the equivalence of systems". In the setting of
program confidentiality, a program is insecure exactly when a low-level
observer can detect a difference in the program's behaviour as the
sensitive (high) data is varied. Indeed, this observational view induces
an equivalence relation on program behaviours: two behaviours are
equivalent when the attacker cannot tell them apart.
This talk presents a formalisation of the attacker's view using the
mathematical machinery of partial equivalence relations in the case of
sequential programs (covering nondeterminism and probabilistic
channels) and bisimulations in the case of concurrent programs (covering
timing and probabilistic channels). In both cases we arrive at
compositional security specifications, which facilitate
straightforward soundness proofs for compositional security analyses
such as type-based analyses.
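As an added illustration of the condition described above (this is not code from the talk or from Sabelfeld and Sands' work), the following Python block defines a toy imperative language with high and low variables and checks the equivalence-based condition by brute force. The attacker's view is encoded as a partial equivalence relation on final states, "agree on all low variables"; a program passes when every pair of runs whose inputs are related by that relation yields related outputs. The sample programs, the variable names h and l, the three-valued domain, and the step bound that stands in for nontermination are all constructed for the example. The check is termination-sensitive: divergence is treated as an outcome the observer can distinguish from any terminating state, which is what makes the termination-channel program fail.

```python
"""Toy noninterference check (added example, not from the original page).

A program is a list of statements over a dict state:
  ("assign", var, expr)            expr is a function state -> value
  ("if", cond, then_block, else_block)
  ("while", cond, body)
Variables named in high_vars are secret; those in low_vars are public.
"""
from itertools import product


def run(program, state, max_steps=1000):
    """Execute program on a copy of state.

    Returns the final state, or None if the step budget is exhausted.
    None models nontermination and is treated as an observable outcome
    distinct from every terminating state (assumption for this example).
    """
    st = dict(state)
    steps = 0

    def tick():
        nonlocal steps
        steps += 1
        if steps > max_steps:
            raise TimeoutError

    def exec_block(block):
        for stmt in block:
            tick()
            kind = stmt[0]
            if kind == "assign":
                _, var, expr = stmt
                st[var] = expr(st)
            elif kind == "if":
                _, cond, then_b, else_b = stmt
                exec_block(then_b if cond(st) else else_b)
            elif kind == "while":
                _, cond, body = stmt
                while cond(st):
                    tick()
                    exec_block(body)
            else:
                raise ValueError("unknown statement %r" % (kind,))

    try:
        exec_block(program)
    except TimeoutError:
        return None
    return st


def low_equiv(low_vars):
    """The attacker's view as a relation on outcomes: two terminating
    states are related iff they agree on every low variable; the
    nonterminating outcome None is related only to itself."""
    def rel(s1, s2):
        if s1 is None or s2 is None:
            return s1 is s2
        return all(s1[v] == s2[v] for v in low_vars)
    return rel


def noninterferent(program, high_vars, low_vars, domain):
    """Exhaustively check: inputs related by low-equivalence (same low
    values, arbitrary high values) must produce related outcomes.
    Returns (True, None) or (False, (input_state_1, input_state_2))."""
    rel = low_equiv(low_vars)
    variables = list(low_vars) + list(high_vars)
    for low_vals in product(domain, repeat=len(low_vars)):
        highs = list(product(domain, repeat=len(high_vars)))
        for h1, h2 in product(highs, repeat=2):
            s1 = dict(zip(variables, low_vals + h1))
            s2 = dict(zip(variables, low_vals + h2))
            if not rel(run(program, s1), run(program, s2)):
                return False, (s1, s2)
    return True, None


# Constructed sample programs; h is high (secret), l is low (public).
EXPLICIT_FLOW = [("assign", "l", lambda s: s["h"])]                # l := h
IMPLICIT_FLOW = [("if", lambda s: s["h"] > 0,                       # if h > 0
                  [("assign", "l", lambda s: 1)],                   #   then l := 1
                  [("assign", "l", lambda s: 0)])]                  #   else l := 0
TERMINATION_LEAK = [("while", lambda s: s["h"] == 0, [])]           # while h == 0 do skip
SECURE = [("assign", "h", lambda s: s["h"] + s["l"]),               # h := h + l (low to high is fine)
          ("assign", "l", lambda s: s["l"] * 2)]                    # l := l * 2

DOMAIN = (-1, 0, 1)

if __name__ == "__main__":
    for name, prog in [("explicit flow", EXPLICIT_FLOW),
                       ("implicit flow", IMPLICIT_FLOW),
                       ("termination leak", TERMINATION_LEAK),
                       ("secure", SECURE)]:
        ok, witness = noninterferent(prog, ["h"], ["l"], DOMAIN)
        print("%-17s %s %s" % (name, "secure" if ok else "INSECURE", witness or ""))
```

The exhaustive check is only a decision procedure for this finite toy domain; the point of the talk's PER and bisimulation formulations is to obtain a specification that composes, so that a type system or similar analysis can be proved sound once rather than re-checked per program. The same harness extends to a timing-sensitive view by having `run` return the step count alongside the final state and including it in the relation.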
Marieke Huisman
Last modified: Mon Apr 23 2001