The dining cryptographers problem: unconditional sender and recipient untraceability
Journal of Cryptology
Knowledge and common knowledge in a distributed environment
Journal of the ACM (JACM)
Reasoning about knowledge
A semantic approach to secure information flow
Science of Computer Programming - Special issue on mathematics of program construction
Program development by stepwise refinement
Communications of the ACM
An axiomatic basis for computer programming
Communications of the ACM
A Discipline of Programming
Refinement Calculus: A Systematic Introduction
Refinement Calculus: A Systematic Introduction
A Per Model of Secure Information Flow in Sequential Programs
Higher-Order and Symbolic Computation
Possibilistic Definitions of Security - An Assembly Kit
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Information transmission in computational systems
SOSP '77 Proceedings of the sixth ACM symposium on Operating systems principles
Decentralization of process nets with centralized control
PODC '83 Proceedings of the second annual ACM symposium on Principles of distributed computing
Preserving Information Flow Properties under Refinement
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
The shadow knows: refinement of ignorance in sequential programs
MPC'06 Proceedings of the 8th international conference on Mathematics of Program Construction
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
The Secret Art of Computer Programming
ICTAC '09 Proceedings of the 6th International Colloquium on Theoretical Aspects of Computing
How to Brew-up a Refinement Ordering
Electronic Notes in Theoretical Computer Science (ENTCS)
Security, Probability and Nearly Fair Coins in the Cryptographers' Café
FM '09 Proceedings of the 2nd World Congress on Formal Methods
Sums and Lovers: Case Studies in Security, Compositionality and Refinement
FM '09 Proceedings of the 2nd World Congress on Formal Methods
Compositional closure for Bayes Risk in probabilistic noninterference
ICALP'10 Proceedings of the 37th international colloquium conference on Automata, languages and programming: Part II
On modelling user observations in the UTP
UTP'10 Proceedings of the Third international conference on Unifying theories of programming
Unifying theories of confidentiality
UTP'10 Proceedings of the Third international conference on Unifying theories of programming
Specifying confidentiality in circus
FM'11 Proceedings of the 17th international conference on Formal methods
Elementary probability theory in the eindhoven style
MPC'12 Proceedings of the 11th international conference on Mathematics of Program Construction
| Hi-index | 0.00 |
Stepwise refinement is a crucial conceptual tool for system development, encouraging program construction via a number of separate correctness-preserving stages which ideally can be understood in isolation. A crucial conceptual component of security is an adversary's ignorance of concealed information. We suggest a novel method of combining these two ideas. Our suggestion is based on a mathematical definition of ''ignorance-preserving'' refinement that extends classical refinement by limiting an adversary's access to concealed information: moving from specification to implementation should never increase that access. The novelty is the way we achieve this in the context of sequential programs. Specifically we give an operational model (and detailed justification for it), a basic sequential programming language and its operational semantics in that model, a ''logic of ignorance'' interpreted over the same model, then a program-logical semantics bringing those together - and finally we use the logic to establish, via refinement, the correctness of a real (though small) protocol: Rivest's Oblivious Transfer. A previous report^@? treated Chaum's Dining Cryptographers similarly. In passing we solve the Refinement Paradox for sequential programs.