| J. Jurjens, "Secure information flow for concurrent processes", in Proc. of the 11th Int. Conf. on Concurrency Theory, Springer LNCS 1877, pp. 395-409, 2000 |
....time outs for the high output actions, i.e. events that empty the channel and allow a new low level input, whenever high outputs are not accepted within a certain amount of time. In this respect, it would be quite interesting to rephrase our theory to models enriched with time or probability as [2, 12, 8], in order to study how the completion instantiate to more concrete settings. Even if the resulting process behaves differently from the low level point of view (C is not BSNNI) we think that C can be reasonably proposed as a secure rectifying of C. Indeed, note that the only difference, ....
Jan Jurjens. Secure information flow for concurrent processes. In Proc. of International Conference on Concurrency Theory (Concur 2000). LNCS 1877, Springer-Verlag, August 2000.
....information always flows up: low data may influence high data, but not vc. vs. the opposite of this condition provides data integrity; thus also integrity is implicitly covered by our approach) To avoid covert channels one can use the notion of noninterference (Goguen, Meseguer 1982; cf. e.g. [Jür00] Secure communication over untrusted networks requires specific mechanisms such as encryption and cryptographic protocols. There has been much work on security using formal methods (e.g. [BAN89, RWW94, Low96, AJ00, Jür01c] mostly about security protocols or secure information flow. [And94] ....
Jan Jurjens. Secure information flow for concurrent processes. In C. Palamidessi, editor, CONCUR 2000 (11th International Conference on Concurrency Theory), volume 1877 of LNCS, pages 395-409, Pennsylvania, 2000. Springer.
....explain the security threat model and give results. We end with a conclusion and indicate further planned work. 1.1. Security assurance using formal modelling There has been extensive research in using formal models to verify secure systems. A few examples are [BAN89, Low96, Pau98, Jür00, AJ01, Jür01a, WW01] for an overview wrt. security protocols cf. [GSG99, RSG 01] However, auditing does not seem to have been considered extensively. An overview on payment systems is given in [AJSW00] Smart card protocols have been investigated using formal logic in [ABKL93] 00] ....
Jan Jurjens. Secure information flow for concurrent processes. In C. Palamidessi, editor, CONCUR 2000 (11th International Conference on Concurrency Theory), volume 1877 of LNCS, pages 395-409. Springer, August 2000.
....exchange data. Additionally, one needs to prevent indirect information flow within an object from high to low data. The possibility of covert channels (Lampson 1973) makes this non trivial, but it can be enforced using the notion of noninterference (Goguen, Meseguer 1982; for a discussion cf. [Jür00b] Security aspects depend on the physical layer of a system: Special security concerns arise e.g. in the case of distributed object systems, since data sent over wide area networks such as the Internet is subject to eavesdropping, interception and modification. Distributed object systems are ....
Jan Jurjens. Secure information flow for concurrent processes. In C. Palamidessi, editor, CONCUR
....satisfies the security property. Unfortunately, this is often not the case: various formulations of security properties in formal models are noncomposable (e.g. McLean's Applied Flow Model and Gray's Probabilistic Noninterference (in its original model) have been shown to be noncomposable in [Jür00] exceptions are [Var91, Mea92] jan comlab.ox.ac.uk http: www.jurjens.de jan This work was supported by the Studienstiftung des deutschen Volkes and the Computing Laboratory. Not only does this make verification of specifications harder; even worse, it is also not clear what a ....
....out in [Mea00] [Var91] gives a hook up property for information flow secure nets. [Mea92] discusses composability of notions of secure information flow using traces based on procedure calls. [McL96] gives general results for composability of possibilistic notions of secure information flow. [Jür00] shows two notions of secure information flow, namely McLean's Applied Flow Model (AFM) and Gray's Probabilistic Noninterference (PNI) (in its original model) to be non composable, and provides a slight modification of Gray's model where PNI is composable. In [Lot97] threat scenarios are used to ....
Jan Jurjens. Secure information flow for concurrent processes. In CONCUR 2000 (11th International Conference on Concurrency Theory), volume 1877 of LNCS, pages 395-409, Pennsylvania, 2000. Springer.
....and proved it secure. We gave an abstract specification of a secure channel satisfying secrecy and refined it to a concrete specification, thus satisfying secrecy by the preservation result. In further work [Jür00b] we exhibit conditions for the compositionality of secrecy using ideas from [Jür00c] Future work will give internal characterisations for the notion of secrecy (that do not directly refer to adversaries and therefore are easier to check) and address other security properties such as integrity and authenticity and the integration into current work towards using the Unified ....
Jan Jurjens. Secure information flow for concurrent processes. In C. Palamidessi, editor, CONCUR 2000 (11th International Conference on Concurrency Theory), volume 1877 of LNCS, pages 395-409, Pennsylvania, 2000. Springer.
No context found.
J. Jurjens, "Secure information flow for concurrent processes", in Proc. of the 11th Int. Conf. on Concurrency Theory, Springer LNCS 1877, pp. 395-409, 2000