This paper studies information flow security in a synchronous state machine model, in which agents share a global clock and can make observations at all times, but in which an agent's ability to perform actions is subject to a scheduler. A number of definitions of security for this setting are proposed, depending on whether the attacker is active or passive, whether the security should be robust to discovery of the schedule by the attacker, and on whether the definition is trace-based or bisimulation-based. In particular, the paper studies the dependence of these definitions of security on implementation details of the scheduler. Such independence is shown to hold for the trace-based definitions, but not for bisimulation-based definitions. Stronger versions of the bisimulation-based definitions are proposed that recover implementation-independence. A complete characterization of relationships between the definitions of security introduced in the paper is derived.