Bisimulation through probabilistic testing
Information and Computation
Semantics of programming languages: structures and techniques
Semantics of programming languages: structures and techniques
Secure information flow in a multi-threaded imperative language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Probabilistic noninterference in a concurrent language
Journal of Computer Security
A sound type system for secure flow analysis
Journal of Computer Security
Certification of programs for secure information flow
Communications of the ACM
A uniform type structure for secure information flow
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Noninterference for concurrent programs and thread systems
Theoretical Computer Science
Weak Bisimulation for Fully Probabilistic Processes
CAV '97 Proceedings of the 9th International Conference on Computer Aided Verification
Probabilistic Noninterference for Multi-Threaded Programs
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Secure Information Flow and Pointer Confinement in a Java-like Language
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A New Type System for Secure Information Flow
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Fast probabilistic simulation, nontermination, and secure information flow
Proceedings of the 2007 workshop on Programming languages and analysis for security
A security domain model to assess software for exploitable covert channels
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Secure information flow for distributed systems
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Non-termination and secure information flow
Mathematical Structures in Computer Science - Programming Language Interference and Dependence
Enforcing information flow policies by a three-valued analysis
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Proving concurrent noninterference
CPP'12 Proceedings of the Second international conference on Certified Programs and Proofs
| Hi-index | 0.00 |
With the variables of a program classified as L (low, public) or H (high, private), the secure information flow problem is concerned with preventing the program from leaking information from H variables to L variables. In the context of a multi-threaded imperative language with probabilistic scheduling, the goal can be formalized as a probabilistic noninterference property. Previous work identified a type system sufficient to guarantee probabilistic noninterference, but at the cost of severe restrictions to prevent timing leaks -- for example, H variables were forbidden in the guards of while loops. Here we present a more permissive type system that allows the running times of threads to depend on the values of H variables, provided that these timing variations cannot affect the values of L variables. The type system gives each command a type of the form τ1 cmd τ2; this type says that the command assigns only to variables of level τ1 (or higher) and has running time that depends only on variables of level τ2 (or lower). Also it uses types of the form τ cmd n for commands that terminate in exactly n steps. With these typings, timing leaks can be prevented by demanding that no assignment to an L variable may sequentially follow a command whose running time depends on H variables. We prove that well-typed multi-threaded programs satisfy a property that we call weak probabilistic noninterference ; it is based on a notion of weak probabilistic bisimulation for Markov chains, allowing two Markov chains to be regarded as equivalent even when one “runs” more slowly than the other. Finally, we show that the language can safely be extended with a fork command that allows new threads to be spawned.