Bisimulation between processes has proven to be a successful method for formalizing security properties. We argue that in certain cases, a scheduler that has full information on the process and collaborates with the attacker can allow him to distinguish two processes even though they are bisimilar. This phenomenon is related to the issue that bisimilarity is not preserved by refinement. As a solution, we introduce a finer variant of bisimulation in which processes are required to simulate each other under the "same" scheduler. We formalize this notion in a variant of CCS with explicit schedulers and show that this new bisimilarity can be characterized by a refinement-preserving traditional bisimilarity. Using a third characterization of this equivalence, we show how to verify it for finite systems. We then apply the new equivalence to anonymity and show that it implies strong probabilistic anonymity, while the traditional bisimulation does not. Finally, to illustrate the usefulness of our approach, we perform a compositional analysis of the Dining Cryptographers with a non-deterministic order of announcements and for an arbitrary number of cryptographers.