Unifying theories of confidentiality

Authors:
Michael J. Banks;Jeremy L. Jacob
Affiliations:
Department of Computer Science, University of York, UK;Department of Computer Science, University of York, UK
Venue:
UTP'10 Proceedings of the Third international conference on Unifying theories of programming
Year:
2010

Citing 17
Cited 1

Programming from specifications (2nd ed.)

Programming from specifications (2nd ed.)
A note on the confinement problem

Communications of the ACM
Mathematical Models of Computer Security

FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Confidentiality-Preserving Refinement is Compositional - Sometimes

ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
Possibilistic Definitions of Security - An Assembly Kit

CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
On the Composition of Secure Systems

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions

SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
CSP and determinism in security modelling

SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Preservation of probabilistic information flow under refinement

Information and Computation
A UTP semantics for Circus

Formal Aspects of Computing
On the Foundations of Quantitative Information Flow

FOSSACS '09 Proceedings of the 12th International Conference on Foundations of Software Science and Computational Structures: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
The Shadow Knows: Refinement and security in sequential programs

Science of Computer Programming
How to Brew-up a Refinement Ordering

Electronic Notes in Theoretical Computer Science (ENTCS)
Maintaining information flow security under refinement and transformation

FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
On modelling user observations in the UTP

UTP'10 Proceedings of the Third international conference on Unifying theories of programming
Preserving secrecy under refinement

ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
A formal framework for confidentiality-preserving refinement

ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security

Specifying confidentiality in circus

FM'11 Proceedings of the 17th international conference on Formal methods

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a framework for reasoning about the security of confidential data within software systems. A novelty is that we use Hoare and He's Unifying Theories of Programming (UTP) to do so and derive advantage from this choice. We identify how information flow between users can be modelled in the UTP and devise conditions for verifying that system designs may not leak secret information to untrusted users. We also investigate how these conditions can be combined with existing notions of refinement to produce refinement relations suitable for deriving secure implementations of systems.