Towards Information Flow Properties for Distributed Systems

Authors:
Roberto Gorrieri;Fabio Martinelli;Ilaria Matteucci
Affiliations:
Università di Bologna, Bologna, Italy;Istituto di Informatica e Telematica - C.N.R., Pisa, Italy;Istituto di Informatica e Telematica - C.N.R., Pisa, Italy and CREATE-NET, Trento, Italy
Venue:
Electronic Notes in Theoretical Computer Science (ENTCS)
Year:
2009

Citing 12
Cited 1

The Compositional Security Checker: A Tool for the Verification of Information Flow Security Properties

IEEE Transactions on Software Engineering
The tile model

Proof, language, and interaction
Communication and Concurrency

Communication and Concurrency
Analysis of security protocols as open systems

Theoretical Computer Science
Classification of Security Properties (Part I: Information Flow)

FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Partial Model Checking and Theorem Proving for Ensuring Security Properties

CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Process Algebra and Non-interference

CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Information Flow Security in Dynamic Contexts

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Semantic models for information flow

Theoretical Computer Science - Mathematical foundations of programming semantics
Information flow in secure contexts

Journal of Computer Security
Synthesis of Local Controller Programs for Enforcing Global Security Properties

ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Real-time information flow analysis

IEEE Journal on Selected Areas in Communications

Probing attacks on multi-agent systems using electronic institutions

DALT'11 Proceedings of the 9th international conference on Declarative Agent Languages and Technologies

Quantified Score

Hi-index	0.01

Visualization

Abstract

In this paper we present a framework for the specification of information flow properties for distributed systems. We consider partially specified distributed systems in which there are several unspecified components located in different places. As a case study, in this paper we consider the notion of Non Deducibility on Composition, NDC for short, originally proposed for nondeterministic systems and based on trace semantics. We study how this information flow property can be extended in order to deal also with distributed partially specified systems. In particular, we adapt the NDC property to distributed systems by distinguishing between two different approaches. The first one we call centralized NDC, according to which there is just one unspecified global component that has complete control of the n distributed locations where interaction occurs between the system and the unspecified component. The second one is called distributed NDC, according to which there is one unspecified component for each distributed location, and the n unspecified components are completely independent, i.e., they cannot coordinate or cooperate each other. Surprisingly enough, we prove that centralized NDC is as discriminating as decentralized NDC. However, when we move to Bisimulation-based Non-Deducibility on Composition, BNDC for short, the situation is completely different. Indeed, we prove that centralized BNDC is strictly finer than decentralized BNDC, hence proving the quite expected fact that a system that can resist to coordinated attacks is also able to resist to simpler attacks performed by independent entities.