Process algebra and non-interference
Journal of Computer Security
Non-Interference Through Determinism
ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Hi-index | 0.00 |
Characterising the fundamental concepts of information security, such as confidentiality and authentication, has proved problematic from the outset and remains controversial to this day. Non-interference was proposed some 25 years ago to give a precise, formal characterisation of the absence of information flows through a system, motivated in large part by the discovery of “covert channels” in access control models such as Bell-LaPadula. Intuitively, it asserts that altering High's interactions with a system should not result in any observable difference in Low's interactions with the system. Superficially it appears to be a very natural and compelling concept but it turns out to harbor some surprising subtleties. Over the years various models of computation have been used to formalise non-interference. Typically these floundered on non-determinism, ”input/output” distinctions, input totality and so forth. In the late 80's and early 90's, process algebras, in particular CSP, were applied to information security. In this talk I will briefly overview this approach and discuss how the concepts and results from process algebra shed light on these haunted corners of non-interference, including the role of non-determinism, unwinding results, composition, refinement and input/output distinctions. In particular, we argue that the absence of information flow can be characterised in terms of process equivalence, itself a delicate and fundamental concept.