English
Related papers

Related papers: Security Engineering in IIIf, Part II -- Refinemen…

200 papers

Ensuring compliance with Information Flow Security (IFS) is known to be challenging, especially for concurrent systems with large codebases such as multicore operating system (OS) kernels. Refinement, which verifies that an implementation…

Logic in Computer Science · Computer Science 2025-11-11 Huan Sun , David Sanán , Jingyi Wang , Yongwang Zhao , Jun Sun , Wenhai Wang

We give a sequential model for noninterference security including probability (but not demonic choice), thus supporting reasoning about the likelihood that high-security values might be revealed by observations of low-security activity. Our…

Formal Languages and Automata Theory · Computer Science 2010-07-08 Annabelle McIver , Larissa Meinicke , Carroll Morgan

In this paper, we show a security engineering process based on a formal notion of refinement fully formalized in the proof assistant Isabelle. This Refinement-Risk Cycle focuses on attack analysis and security refinement supported by…

Cryptography and Security · Computer Science 2020-01-27 Florian Kammüller

Noninterference guarantees that an attacker cannot infer secrets by interacting with a program. Information flow control (IFC) type systems assert noninterference by tracking the level of information learned (pc) and disallowing…

Programming Languages · Computer Science 2024-07-31 Farzaneh Derakhshan , Stephanie Balzer , Yue Yao

We use Hidden Markov Models to motivate a quantitative compositional semantics for noninterference-based security with iteration, including a refinement- or "implements" relation that compares two programs with respect to their information…

Cryptography and Security · Computer Science 2019-02-20 Annabelle McIver , Larissa Meinicke , Carroll Morgan

We introduce a new perspective into the field of quantitative information flow (QIF) analysis that invites the community to bound the leakage, reported by QIF quantifiers, by a range consistent with the size of a program's secret input…

Cryptography and Security · Computer Science 2012-06-06 Sari Haj Hussein

Languages with gradual information-flow control combine static and dynamic techniques to prevent security leaks. Gradual languages should satisfy the gradual guarantee: programs that only differ in the precision of their type annotations…

Programming Languages · Computer Science 2024-04-10 Tianyu Chen , Jeremy G. Siek

In this paper we provide a survey on the framework of abstract non-interference. In particular, we describe a general formalization of abstract non-interference by means of three dimensions (observation, protection and semantics) that can…

Programming Languages · Computer Science 2013-09-23 Isabella Mastroeni

Noninterference is a popular semantic security condition because it offers strong end-to-end guarantees, it is inherently compositional, and it can be enforced using a simple security type system. Unfortunately, it is too restrictive for…

Cryptography and Security · Computer Science 2021-01-14 Ethan Cecchetti , Andrew C. Myers , Owen Arden

It is common to prove by reasoning over source code that programs do not leak sensitive data. But doing so leaves a gap between reasoning and reality that can only be filled by accounting for the behaviour of the compiler. This task is…

Logic in Computer Science · Computer Science 2020-10-23 Robert Sison , Toby Murray

The majority of modern systems exhibit sophisticated concurrent behaviour, where several system components modify and observe the system state with fine-grained atomicity. Many systems (e.g., multi-core processors, real-time controllers)…

Logic in Computer Science · Computer Science 2013-05-28 Brijesh Dongol , John Derrick

In this thesis we consider the problem of information hiding in the scenarios of interactive systems, statistical disclosure control, and refinement of specifications. We apply quantitative approaches to information flow in the first two…

Cryptography and Security · Computer Science 2012-02-14 Mário S. Alvim

This paper concerns the analysis of information leaks in security systems. We address the problem of specifying and analyzing large systems in the (standard) channel model used in quantitative information flow (QIF). We propose several…

Cryptography and Security · Computer Science 2018-07-10 Arthur Américo , Mário S. Alvim , Annabelle McIver

SAFE is a clean-slate design for a highly secure computer system, with pervasive mechanisms for tracking and limiting information flows. At the lowest level, the SAFE hardware supports fine-grained programmable tags, with efficient and…

In security-critical software applications, confidential information must be prevented from leaking to unauthorized sinks. Static analysis techniques are widespread to enforce a secure information flow by checking a program after…

Cryptography and Security · Computer Science 2022-08-05 Tobias Runge , Alexander Kittelmann , Marco Servetto , Alex Potanin , Ina Schaefer

Proving only over source code that programs do not leak sensitive data leaves a gap between reasoning and reality that can only be filled by accounting for the behaviour of the compiler. Furthermore, software does not always have the luxury…

Programming Languages · Computer Science 2023-06-22 Robert Sison , Toby Murray

Assurance of information-flow security by formal methods is mandated in security certification of separation kernels. As an industrial standard for improving safety, ARINC 653 has been complied with by mainstream separation kernels. Due to…

Software Engineering · Computer Science 2017-02-21 Yongwang Zhao , David Sanan , Fuyuan Zhang , Yang Liu

In this paper, we introduce a process of formal system development supported by interactive theorem proving in a dedicated Isabelle framework. This Isabelle Infrastructure framework implements specification and verification in a cyclic…

Software Engineering · Computer Science 2021-12-09 Florian Kammüller

We demonstrate, by a number of examples, that information-flow security properties can be proved from abstract architectural descriptions, that describe only the causal structure of a system and local properties of trusted components. We…

Cryptography and Security · Computer Science 2016-01-05 Stephen Chong , Ron van der Meyden

Security of information flow is commonly understood as preventing any information leakage, regardless of how grave or harmless consequences the leakage can have. In this work, we suggest that information security is not a goal in itself,…

Cryptography and Security · Computer Science 2016-08-09 Wojciech Jamroga , Masoud Tabatabaei
‹ Prev 1 2 3 10 Next ›