The formalisation of security properties for computer systems raises the problem of overcoming also in a formal setting the classical view according to which confidentiality is an absolute property stating the complete absence of any unauthorised disclosure of information. In this paper, we present two formal models in which the notion of noninterference, which is at the basis of a large variety of security properties defined in the recent literature, is approximated. To this aim, the definition of indistinguishability of process behaviour is replaced by a similarity notion, which introduces a quantitative measure ε of the behavioural difference among processes. The first model relies on a programming paradigm called Probabilistic Concurrent Constraint Programming, while the second one is presented in the setting of a probabilistic process algebra. In both models, appropriate notions of distance provide information (the ε) on the security level of the system at hand, in terms of the capability of an external observer of identifying illegal interferences.

A.Aldini, M.Bravetti, A.Di Pierro, R.Gorrieri, C.Hankin, H.Wiklicky (2004). Two Formal Approaches for Approximating Noninterference Properties. BERLIN : Springer [10.1007/978-3-540-24631-2_1].

Two Formal Approaches for Approximating Noninterference Properties

BRAVETTI, MARIO;GORRIERI, ROBERTO;
2004

Abstract

The formalisation of security properties for computer systems raises the problem of overcoming also in a formal setting the classical view according to which confidentiality is an absolute property stating the complete absence of any unauthorised disclosure of information. In this paper, we present two formal models in which the notion of noninterference, which is at the basis of a large variety of security properties defined in the recent literature, is approximated. To this aim, the definition of indistinguishability of process behaviour is replaced by a similarity notion, which introduces a quantitative measure ε of the behavioural difference among processes. The first model relies on a programming paradigm called Probabilistic Concurrent Constraint Programming, while the second one is presented in the setting of a probabilistic process algebra. In both models, appropriate notions of distance provide information (the ε) on the security level of the system at hand, in terms of the capability of an external observer of identifying illegal interferences.
2004
Foundations of Security Analysis and Design II, FOSAD 2001/2002 Tutorial Lectures
1
43
A.Aldini, M.Bravetti, A.Di Pierro, R.Gorrieri, C.Hankin, H.Wiklicky (2004). Two Formal Approaches for Approximating Noninterference Properties. BERLIN : Springer [10.1007/978-3-540-24631-2_1].
A.Aldini; M.Bravetti; A.Di Pierro; R.Gorrieri; C.Hankin; H.Wiklicky
File in questo prodotto:
Eventuali allegati, non sono esposti

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11585/6518
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 22
  • ???jsp.display-item.citation.isi??? 10
social impact