We propose an algorithmic approach to verifying the property of intransitive noninterference (INI), using the tools and concepts of discrete event systems (DES). INI can be used to characterize and solve several important security problems in multilevel security systems. In previous work we established the notion of iP-observability, which precisely captures INI, and developed an algorithm that checks iP-observability indirectly, by checking P-observability, for systems with at most three security levels. In this paper we generalize those results to systems with any finite number of security levels by developing a direct method for checking iP-observability, based on the observation that the iP function is a left congruence in terms of relations on formal languages. To demonstrate the applicability of the approach, we propose a formal method, based on INI, for detecting denial-of-service vulnerabilities in security protocols, and illustrate it on the TCP/IP protocol. The work extends the theory of supervisory control of DES to a new application domain.
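The abstract states the result without showing what an INI check over a finite number of levels looks like in practice. The following is an added example, not code from the paper or its authors: it implements Rushby's standard definition of intransitive noninterference (the `sources`/`ipurge` functions from "Noninterference, Transitivity, and Channel-Control Security Policies", 1992) for an arbitrary finite set of levels and an interference relation, and checks the INI condition on a small deterministic state machine by bounded exhaustive enumeration of traces. The paper's iP function and iP-observability criterion are assumed here to coincide with Rushby's purge-based formulation; the congruence-based direct algorithm the abstract describes is not reproduced, and the three-level policy, the action names and the two toy machines are constructed for illustration only.

```python
"""Added example: Rushby-style intransitive noninterference (INI) check.

Not from the paper. Uses Rushby's ipurge definition and a brute-force check
over all traces up to a bounded length; works for any finite set of levels.
"""
from itertools import product

# Actions are (domain, name) pairs; a policy is a set of (u, v) pairs meaning
# "u may interfere with v". reflexive() adds u ~> u for every u mentioned.
def reflexive(policy):
    doms = {u for pair in policy for u in pair}
    return set(policy) | {(u, u) for u in doms}

def sources(trace, d, policy):
    """Rushby's sources(): domains that may legitimately influence d's view
    after 'trace'. Defined recursively from the end of the trace."""
    if not trace:
        return {d}
    a, rest = trace[0], trace[1:]
    s = sources(rest, d, policy)
    if any((a[0], v) in policy for v in s):   # dom(a) ~> some v in sources(rest)
        return s | {a[0]}
    return s

def ipurge(trace, d, policy):
    """Intransitive purge: drop every action whose domain is not in
    sources() of the suffix starting at that action."""
    if not trace:
        return ()
    a, rest = trace[0], trace[1:]
    if a[0] in sources(trace, d, policy):
        return (a,) + ipurge(rest, d, policy)
    return ipurge(rest, d, policy)

def run(machine, trace):
    s = machine["init"]
    for a in trace:
        s = machine["step"](s, a)
    return s

def check_ini(machine, policy, actions, max_len):
    """INI holds iff for every trace t and domain u:
    output(run(t), u) == output(run(ipurge(t, u)), u).
    Exhaustive up to max_len; returns None or the first (domain, trace) counterexample."""
    domains = {u for (u, _) in actions} | {v for pair in policy for v in pair}
    for n in range(max_len + 1):
        for trace in product(actions, repeat=n):
            for u in sorted(domains):
                seen = machine["output"](run(machine, trace), u)
                purged = machine["output"](run(machine, ipurge(trace, u, policy)), u)
                if seen != purged:
                    return (u, trace)
    return None

# Constructed 3-level policy: High may flow to the Downgrader, the Downgrader
# to Low, but High may not flow to Low directly (the classic intransitive case).
POLICY = reflexive({("H", "D"), ("D", "L")})
ACTIONS = (("H", "write"), ("D", "release"), ("L", "read"))

# State is (secret, public). Only the downgrader may copy secret to public.
def secure_step(state, action):
    secret, public = state
    if action == ("H", "write"):
        return (1, public)
    if action == ("D", "release"):
        return (secret, secret)      # D ~> L, so this release is permitted
    return state

# Leaky variant: a High write is visible in the public cell immediately,
# bypassing the downgrader, which violates INI for domain L.
def leaky_step(state, action):
    if action == ("H", "write"):
        return (1, 1)
    return secure_step(state, action)

def view(state, domain):
    secret, public = state
    return {"H": secret, "D": (secret, public), "L": public}[domain]

SECURE = {"init": (0, 0), "step": secure_step, "output": view}
LEAKY = {"init": (0, 0), "step": leaky_step, "output": view}

if __name__ == "__main__":
    print("secure:", check_ini(SECURE, POLICY, ACTIONS, 4))
    print("leaky: ", check_ini(LEAKY, POLICY, ACTIONS, 4))
```

Adding a fourth level (say a second downgrader between H and D) only requires extending `POLICY` and `ACTIONS`; `sources` and `ipurge` are written for an arbitrary relation, which is the point the abstract makes about generalizing beyond three levels. The enumeration bound is the weak spot of this toy checker: a counterexample longer than `max_len` is missed, which is exactly why the paper's language-theoretic (congruence-based) decision procedure matters for real systems.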