Abstract
Information flow and noninterference are popular concepts for expressing confidentiality and integrity properties. We present the first general definition of probabilistic noninterference in reactive systems that includes a computational case. This case is essential for coping with real cryptography since noninterference properties can usually only be guaranteed if the underlying cryptographic primitives have not been broken. This might happen, but only with negligible probability. We show that our noninterference definition is maintained under simulatability, the notion of secure implementation of modern cryptography. This allows secure composition of systems and yields a general strategy for including cryptographic primitives in information-flow proofs. As an example we study a cryptographic firewall guarding two honest users from their environment.
Backes, M., Pfitzmann, B. Computational probabilistic noninterference. IJIS 3, 42–60 (2004). https://doi.org/10.1007/s10207-004-0039-7