The dining cryptographers problem: unconditional sender and recipient untraceability
Journal of Cryptology
Knowledge and common knowledge in a distributed environment
Journal of the ACM (JACM)
Programming from specifications (2nd ed.)
Programming from specifications (2nd ed.)
Reasoning about knowledge
A semantic approach to secure information flow
Science of Computer Programming - Special issue on mathematics of program construction
An axiomatic basis for computer programming
Communications of the ACM
A Discipline of Programming
Refinement Calculus: A Systematic Introduction
Refinement Calculus: A Systematic Introduction
A Per Model of Secure Information Flow in Sequential Programs
Higher-Order and Symbolic Computation
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Information transmission in computational systems
SOSP '77 Proceedings of the sixth ACM symposium on Operating systems principles
Decentralization of process nets with centralized control
PODC '83 Proceedings of the second annual ACM symposium on Principles of distributed computing
Preserving Information Flow Properties under Refinement
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Symbolic Model Checking the Knowledge of the Dining Cryptographers
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Abstraction, Refinement And Proof For Probabilistic Systems (Monographs in Computer Science)
Abstraction, Refinement And Proof For Probabilistic Systems (Monographs in Computer Science)
SP'88 Proceedings of the 1988 IEEE conference on Security and privacy
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Towards a logical account of declassification
Proceedings of the 2007 workshop on Programming languages and analysis for security
The Shadow Knows: Refinement and security in sequential programs
Science of Computer Programming
The Secret Art of Computer Programming
ICTAC '09 Proceedings of the 6th International Colloquium on Theoretical Aspects of Computing
How to Brew-up a Refinement Ordering
Electronic Notes in Theoretical Computer Science (ENTCS)
Security, Probability and Nearly Fair Coins in the Cryptographers' Café
FM '09 Proceedings of the 2nd World Congress on Formal Methods
Sums and Lovers: Case Studies in Security, Compositionality and Refinement
FM '09 Proceedings of the 2nd World Congress on Formal Methods
Unifying Probability with Nondeterminism
FM '09 Proceedings of the 2nd World Congress on Formal Methods
Developing security protocols by refinement
Proceedings of the 17th ACM conference on Computer and communications security
Scheduler-Independent declassification
MPC'12 Proceedings of the 11th international conference on Mathematics of Program Construction
Elementary probability theory in the eindhoven style
MPC'12 Proceedings of the 11th international conference on Mathematics of Program Construction
Information flow in systems with schedulers, Part II: Refinement
Theoretical Computer Science
| Hi-index | 0.00 |
Separating sequential-program state into “visible” and “hidden” parts facilitates reasoning about knowledge, security and privacy: applications include zero-knowledge protocols, and security contexts with hidden “high-security” state and visible “low-security” state. A rigorous definition of how specifications relate to implementations, as part of that reasoning, must ensure that implementations reveal no more than their specifications: they must, in effect, preserve ignorance. We propose just such a definition –a relation of ignorance-preserving refinement– between specifications and implementations of sequential programs. Its purpose is to enable a development-by-refinement methodology for applications like those above. Since preserving ignorance is an extra obligation, the proposed refinement relation restricts (rather than extends) the usual. We suggest general principles for restriction, and we give specific examples of them. To argue that we do not restrict too much –for “no refinements allowed at all” is trivially ignorance-preserving– we derive The Dining Cryptographers protocol via a program algebra based on the restricted refinement relation. It is also a motivating case study, as it has never before (we believe) been treated refinement-algebraically. In passing, we discuss –and solve– the Refinement Paradox.