On the Flow of Data, Information, and Time

  • Martín Abadi
  • Michael Isard
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9036)


We study information flow in a model for data-parallel computing. We show how an extant notion of virtual time can help guarantee information-flow properties. For this purpose, we introduce functions that express dependencies between inputs and outputs at each node in a dataflow graph. Each node may operate over a distinct set of virtual times—so, from a security perspective, it may have its own classification scheme. A coherence criterion ensures that those local dependencies yield global properties.


Security Level Outgoing Edge Local History Incoming Edge Alternative Behavior 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Abadi, M., Lamport, L.: The existence of refinement mappings. Theoretical Computer Science 82(2), 253–284 (1991)CrossRefzbMATHMathSciNetGoogle Scholar
  2. 2.
    Denning, D.E.: A lattice model of secure information flow. Communications of the ACM 19(5), 236–243 (1976)CrossRefzbMATHMathSciNetGoogle Scholar
  3. 3.
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Symposium on Security and Privacy, pp. 11–20 (1982)Google Scholar
  4. 4.
    Jefferson, D.R.: Virtual time. ACM Transactions on Programming Languages and Systems 7(3), 404–425 (1985)CrossRefMathSciNetGoogle Scholar
  5. 5.
    Kahn, G.: The semantics of simple language for parallel programming. In: IFIP Congress, pp. 471–475 (1974)Google Scholar
  6. 6.
    Khan, S.M., Hamlen, K.W., Kantarcioglu, M.: Silver lining: Enforcing secure information flow at the cloud edge. In: 2014 IEEE International Conference on Cloud Engineering, pp. 37–46 (2014)Google Scholar
  7. 7.
    Kim, T., Wang, X., Zeldovich, N., Kaashoek, M.F.: Intrusion recovery using selective re-execution. In: 9th USENIX Symposium on Operating Systems Design and Implementation, pp. 89–104 (2010)Google Scholar
  8. 8.
    Lamport, L.: Specifying Systems, The TLA+ Language and Tools for Hardware and Software Engineers. Addison-Wesley (2002)Google Scholar
  9. 9.
    McLean, J.: Security models. In: Marciniak, J. (ed.) Encyclopedia of Software Engineering. Wiley & Sons (1994)Google Scholar
  10. 10.
    McSherry, F., Murray, D.G., Isaacs, R., Isard, M.: Differential dataflow. In: CIDR 2013, Sixth Biennial Conference on Innovative Data Systems Research (2013)Google Scholar
  11. 11.
    Murray, D.G., McSherry, F., Isaacs, R., Isard, M., Barham, P., Abadi, M.: Naiad: A timely dataflow system. In: ACM SIGOPS 24th Symposium on Operating Systems Principles, pp. 439–455 (2013)Google Scholar
  12. 12.
    Plotkin, G.: Domains, the so-called Pisa notes (1983),
  13. 13.
    Roy, I., Setty, S.T.V., Kilzer, A., Shmatikov, V., Witchel, E.: Airavat: Security and privacy for MapReduce. In: Proceedings of the 7th USENIX Symposium on Networked Systems Design and Implementation, pp. 297–312 (2010)Google Scholar
  14. 14.
    Rushby, J.: Partitioning for avionics architectures: Requirements, mechanisms, and assurance. NASA Contractor Report CR-1999-209347, NASA Langley Research Center (June 1999)Google Scholar
  15. 15.
    Simpson, A., Woodcock, J., Davies, J.: Safety through security. In: Proceedings of the 9th International Workshop on Software Specification and Design, pp. 18–24. IEEE Computer Society (1998)Google Scholar
  16. 16.
    Weber, D.G.: Formal specification of fault-tolerance and its relation to computer security. In: Proceedings of the 5th International Workshop on Software Specification and Design, pp. 273–277. ACM (1989)Google Scholar
  17. 17.
    Zaharia, M., Chowdhury, M., Das, T., Dave, A., Ma, J., McCauly, M., Franklin, M.J., Shenker, S., Stoica, I.: Resilient distributed datasets: A fault-tolerant abstraction for in-memory cluster computing. In: Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation, pp. 15–28 (2012)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Martín Abadi
    • 1
  • Michael Isard
    • 2
  1. 1.University of CaliforniaSanta CruzUSA
  2. 2.Microsoft ResearchMountain ViewUSA

Personalised recommendations