Stutter-invariant temporal properties are expressible without the next-time operator
Information Processing Letters
CSP and determinism in security modelling
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Logic in Computer Science: Modelling and Reasoning about Systems
Logic in Computer Science: Modelling and Reasoning about Systems
Secure Information Flow by Self-Composition
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Formally verifying information flow type systems for concurrent and thread systems
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
A Temporal Logic Characterisation of Oservational Determinism
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Securing Interaction between Threads and the Scheduler
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
A Type System for Observational Determinism
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Logical characterizations of bisimulations for discrete probabilistic systems
FOSSACS'07 Proceedings of the 10th international conference on Foundations of software science and computational structures
A theorem proving approach to analysis of secure information flow
SPC'05 Proceedings of the Second international conference on Security in Pervasive Computing
Model-checking secure information flow for multi-threaded programs
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Confidentiality for probabilistic multi-threaded programs and its verification
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Practical probability: applying pGCL to lattice scheduling
ITP'13 Proceedings of the 4th international conference on Interactive Theorem Proving
Effective verification of confidentiality for multi-threaded programs
Journal of Computer Security - Foundational Aspects of Security
Hi-index | 0.00 |
Observational determinism has been proposed in the literature as a way to ensure confidentiality for multi-threaded programs. Intuitively, a program is observationally deterministic if the behavior of the public variables is deterministic, i.e., independent of the private variables and the scheduling policy. Several formal definitions of observational determinism exist, but all of them have shortcomings; for example they accept insecure programs or they reject too many innocuous programs. Besides, the role of schedulers was ignored in all the proposed definitions. A program that is secure under one kind of scheduler might not be secure when executed with a different scheduler. The existing definitions do not always ensure that an accepted program behaves securely under the scheduler that is used to execute the program. Therefore, this paper proposes a new formalization of scheduler-specific observational determinism. It accepts programs that are secure when executed under a specific scheduler. Moreover, it is less restrictive on harmless programs under a particular scheduling policy. We discuss the properties of our definition and argue why it better approximates the intuitive understanding of observational determinism. In addition, we also discuss how compliance with our definition can be verified, using model-checking.