The PER model of abstract non-interference

Authors:
Sebastian Hunt;Isabella Mastroeni
Affiliations:
Department of Computing, School of Informatics, City University, London, UK;Department of Computing and Information Sciences, Kansas State University, Manhattan, Kansas
Venue:
SAS'05 Proceedings of the 12th international conference on Static Analysis
Year:
2005

Citing 15
Cited 10

The quotient of an abstract interpretation

Theoretical Computer Science
Making abstract interpretations complete

Journal of the ACM (JACM)
A semantic approach to secure information flow

Science of Computer Programming - Special issue on mathematics of program construction
Static enforcement of security with types

ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
A sound type system for secure flow analysis

Journal of Computer Security
Certification of programs for secure information flow

Communications of the ACM
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Systematic design of program analysis frameworks

POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
A Per Model of Secure Information Flow in Sequential Programs

Higher-Order and Symbolic Computation
Semantics and Program Analysis of Computationally Secure Information Flow

ESOP '01 Proceedings of the 10th European Symposium on Programming Languages and Systems
Robust Declassification

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Abstract non-interference: parameterizing non-interference by abstract interpretation

Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Adjoining declassification and attack models by abstract interpretation

ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Information flow for Algol-like languages

Computer Languages, Systems and Structures
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

What You Lose is What You Leak: Information Leakage in Declassification Policies

Electronic Notes in Theoretical Computer Science (ENTCS)
Data dependencies and program slicing: from syntax to abstract semantics

PEPM '08 Proceedings of the 2008 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Declassification: Dimensions and principles

Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
Deriving bisimulations by simplifying partitions

VMCAI'08 Proceedings of the 9th international conference on Verification, model checking, and abstract interpretation
Adjoining classified and unclassified information by abstract interpretation

Journal of Computer Security
On the rôle of abstract non-interference in language-based security

APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
Timed abstract non-interference

FORMATS'05 Proceedings of the Third international conference on Formal Modeling and Analysis of Timed Systems
Modelling declassification policies using abstract domain completeness

Mathematical Structures in Computer Science - Programming Language Interference and Dependence
Generalized abstract non-interference: abstract secure information-flow analysis for automata

MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
A semantic hierarchy for erasure policies

ICISS'11 Proceedings of the 7th international conference on Information Systems Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we study the relationship between two models of secure information flow: the PER model (which uses equivalence relations) and the abstract non-interference model (which uses upper closure operators). We embed the lattice of equivalence relations into the lattice of closures, re-interpreting abstract non-interference over the lattice of equivalence relations. For narrow abstract non-interference, we show that the new definition is equivalent to the original, whereas for abstract non-interference it is strictly less general. The relational presentation of abstract non-interference leads to a simplified construction of the most concrete harmless attacker. Moreover, the PER model of abstract non-interference allows us to derive unconstrained attacker models, which do not necessarily either observe all public information or ignore all private information. Finally, we show how abstract domain completeness can be used for enforcing the PER model of abstract non-interference.