Probabilistic Noninterference for Multi-Threaded Programs
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
On Confidentiality and Algorithms
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Hi-index | 0.00 |
When can a program be trusted with your secret data? The setting which motivates this work is that of confidentiality and privacy in mobile code. Assume that some user wants to run a program that originates from an untrusted source. For example, the program can have been downloaded from an untrusted site on the Internet. When the program is run, it has to be given access to some data that the user regards as confidential in order to compute the desired results. While running, the program also needs to have access to the Internet in order to fetch various kinds of information from databases etc. This setting has been the motivation behind a recent resurgence of interest in the analysis and certification of confidentiality properties of programs.In this talk we will provide an overview of our recent work on the specification and verification of secure information flow in such programs. We highlight how probabilistic considerations enter in two quite different ways. In the first instance, probabilities are an additional security threat. Concurrent systems might exhibit probabilistic behaviour which an attacker could exploit to leak information. In this case we look at the modelling and verification of secure information flow using probabilistic bisimulations. In the second case, we look at how probabilistic behaviour can come to our aide when trying to eliminate the information flows which arise through the timing behaviour of programs.