Refinement-closed security properties allow a system to be verified for all of its possible implementations. Some systems, however, have refinements that do not correspond to any possible implementation. In particular, a real instantiation of an abstract system comprising security-critical components surrounded by maximally hostile, unrefined components is often characterised only by a composition of refinements of the abstract system's individual components, rather than by an arbitrary refinement of the abstract system as a whole. In this case, refinement-closed security properties that examine several behaviours of a system at once can be falsely violated by inconsistent pairs of behaviour that arise from different, incompatible refinements of the system's components. We show how to weaken a class of such properties, which includes both information flow and causation properties, so that they can be applied to abstract systems of this kind. The weakened properties ignore all pairs of inconsistent behaviour that would have violated the original property from which they are derived. We also show how to adapt the existing automated tests for these properties so that they test for the weakened counterparts instead. This allows such properties to be applied more flexibly to compositions of nondeterministic components.
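The following Python model is an added illustration of the false violation described above; it is not code from the paper or from the page, and it deliberately simplifies the paper's setting. It assumes that a nondeterministic component is given as a set of deterministic implementations and that a refinement of a component is the choice of one of them (the paper's refinements may remain nondeterministic). The names `secure_impls`, `leaky_impls`, `hostile_inputs`, `refinement_closed_ni` and `weakened_ni`, the domains `HIGH` and `LOW`, and the implementation-time choice `k` are all constructed for the example. A two-trace noninterference property (equal low inputs must give equal low outputs) is first checked over every pair of traces of the abstract system, which mixes traces from incompatible implementations and so flags a secure component; the weakened check ignores pairs from different refinements and still catches a genuinely leaky implementation.

```python
"""Constructed example: refinement-closed vs weakened noninterference
over a composition of a nondeterministic component and a hostile environment."""
from itertools import product

# Constructed input domains: a secret (high) input and a public (low) input.
HIGH = (0, 1)
LOW = (0, 1, 2)


def secure_impls():
    """Security-critical component as a set of deterministic implementations.
    Each fixes an implementation-time choice k (e.g. one of two equally valid
    encodings); none of them reads the high input, so no real instance leaks."""
    return {f"enc{k}": (lambda h, l, k=k: (l + k) % 3) for k in (0, 1)}


def leaky_impls():
    """Same shape, but implementation 'enc1' copies the high input into the
    low-observable output (a genuine leak in one possible instantiation)."""
    return {"enc0": lambda h, l: l % 3, "enc1": lambda h, l: (l + h) % 3}


def hostile_inputs():
    """Maximally hostile environment: it may supply any (high, low) pair.
    Its refinements are subsets of this set, and every interference pair that
    exists under a subset also exists under the full set, so checking the full
    set covers all refinements of the environment."""
    return set(product(HIGH, LOW))


def traces(impls, inputs):
    """Traces of the abstract system Sec || Env as (impl, high, low, output),
    labelled with the refinement of Sec that produced each trace."""
    return {(name, h, l, f(h, l)) for name, f in impls.items() for (h, l) in inputs}


def interference_pairs(ts, consistent):
    """Pairs of traces witnessing a high -> low flow: same low input, different
    low output. Only pairs accepted by `consistent` are considered."""
    return {(a, b) for a in ts for b in ts
            if consistent(a, b) and a[2] == b[2] and a[3] != b[3]}


def refinement_closed_ni(impls):
    """Naive refinement-closed check: every pair of traces of the abstract
    system counts, including pairs drawn from incompatible implementations."""
    return not interference_pairs(traces(impls, hostile_inputs()), lambda a, b: True)


def weakened_ni(impls):
    """Weakened check: pairs whose traces come from different refinements of
    Sec are ignored, since no single instantiation exhibits both of them."""
    return not interference_pairs(traces(impls, hostile_inputs()),
                                  lambda a, b: a[0] == b[0])


def spurious_pairs(impls):
    """The inconsistent pairs the weakened property discards."""
    ts = traces(impls, hostile_inputs())
    return interference_pairs(ts, lambda a, b: True) - interference_pairs(ts, lambda a, b: a[0] == b[0])


if __name__ == "__main__":
    for label, impls in (("secure", secure_impls), ("leaky", leaky_impls)):
        print(label, "naive:", refinement_closed_ni(impls()),
              "weakened:", weakened_ni(impls()),
              "spurious pairs ignored:", len(spurious_pairs(impls())))
```

The naive check reports a flow for the secure component because a trace of `enc0` and a trace of `enc1` with the same low input produce different outputs; no instantiation that fixes one implementation ever shows both. Restricting to consistent pairs removes exactly those witnesses, while the leaky `enc1` still produces two traces of the same refinement with equal low input and different output, so the weakened property is not merely the trivial one.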