Abstract
Non-interference characterises the absence of undesired information flows in a computing system, by asking that actions with higher level of confidentiality do not cause any observable effect at the lower levels. In many concrete applications, this requirement is too strict and the abstract model is enriched with some form of downgrading, namely with the possibility of declassifying information, thus allowing for a controlled form of leakage. This paper focuses on BINI (Bisimilarity-based Intransitive non-interference), a formalisation of non-interference with downgrading in the setting of Petri nets. Generalising some previous works, we provide a causal characterisation of BINI in terms of the unfolding semantics, a true concurrent semantics of Petri nets. Building on this, we design an algorithm for checking BINI on safe Petri nets which relies on the construction of suitable complete prefixes of the unfolding. The algorithm is implemented in a prototype tool and some preliminary tests are quite encouraging as they suggest that the management of downgrading does not cause any significant performance decay.
Work supported by the project Récré (ANR) and the MIUR PRIN project CINA.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)
Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Symposium on Security and Privacy, pp. 11–20 (1982)
Rushby, J.M.: Design and verification of secure systems. In: SOSP 1981, pp. 12–21. ACM (1981)
Haigh, J.T., Young, W.D.: Extending the noninterference version of mls for sat. IEEE Trans. Softw. Eng. 13(2), 141–150 (1987)
Rushby, J.: Noninterference, transitivity and channel-control security policies. Technical report. Technical report CSL-92-02, SRI International (1992)
Mantel, H., Sands, D.: Controlled declassification based on intransitive noninterference. In: Chin, W.-N. (ed.) APLAS 2004. LNCS, vol. 3302, pp. 129–145. Springer, Heidelberg (2004)
Bossi, A., Piazza, C., Rossi, S.: Modelling downgrading in information flow security. In: CSFW2004, pp. 187–201. IEEE (2004)
Best, E., Darondeau, P., Gorrieri, R.: On the decidability of non interference over unbounded Petri nets. In: SecCo 2010. EPTCS, vol. 51, pp. 16–33 (2010)
Gorrieri, R., Vernali, M.: On intransitive non-interference in some models of concurrency. In: Aldini, A., Gorrieri, R. (eds.) FOSAD 2011. LNCS, vol. 6858, pp. 125–151. Springer, Heidelberg (2011)
Focardi, R., Gorrieri, R., Martinelli, F.: Classification of security properties. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2001. LNCS, vol. 2946, pp. 139–185. Springer, Heidelberg (2004)
McCullough, D.: Noninterference and the composability of security properties. In: IEEE Symposium on Security and Privacy, pp. 178–186. IEEE (1988)
Wittbold, J., Johnson, D.: Information flow in nondeterministic systems. In: IEEE Symposium on Security and Privacy, pp. 148–161. IEEE (1990)
Ryan, P., Schneider, Y.: Process algebra and non-interference. J. Comput. Secur. 9(1/2), 75–103 (2001)
Mantel, H.: Possibilistic definitions of security - an assembly kit. In: CSFW 2000, pp. 185–199. IEEE (2000)
Busi, N., Gorrieri, R.: Structural non-interference in elementary and trace nets. Math. Struct. Comput. Sci. 19(6), 1065–1090 (2009)
Baldan, P., Carraro, A.: Non-interference by unfolding. In: Ciardo, G., Kindler, E. (eds.) PETRI NETS 2014. LNCS, vol. 8489, pp. 190–209. Springer, Heidelberg (2014)
Nielsen, M., Plotkin, G., Winskel, G.: Petri nets, event structures and domains, part 1. Theor. Comput. Sci. 13, 85–108 (1981)
Esparza, J., Heljanko, K.: Unfoldings - A Partial order Approach to Model Checking. EACTS Monographs in Theoretical Computer Science. Springer, Heidelberg (2008)
Baldan, P., Burato, F., Carraro, A.: UBIC2: unfolding-based interference checker 2 (2014). https://bitbucket.org/fburato/ubic2/
Technology, S.: ANICA: automated non-interference check assistant (2011). http://service-technology.org/anica
McMillan, K.L.: A technique of state space search based on unfolding. Formal Meth. Syst. Des. 6(1), 45–65 (1995)
Khomenko, V., Koutny, M., Vogler, W.: Canonical prefixes of Petri net unfoldings. Acta Informatica 40, 95–118 (2003)
Rodríguez, C., Schwoon, S.: Cunf: a tool for unfolding and verifying Petri nets with read arcs. In: Van Hung, D., Ogawa, M. (eds.) ATVA 2013. LNCS, vol. 8172, pp. 492–495. Springer, Heidelberg (2013)
Gorrieri, R., Montanari, U.: SCONE: a simple calculus of nets. CONCUR 1990. LNCS, vol. 458, pp. 2–31. Springer, Heidelberg (1990)
Devillers, R., Klaudel, H., Koutny, M.: A compositional Petri net translation of general pi-calculus terms. Formal Aspects Comput. 20(4–5), 429–450 (2008)
Meyer, R., Khomenko, V., Hüchting, R.: A polynomial translation of \(\pi \)-calculus (FCP) to safe Petri nets. In: Koutny, M., Ulidowski, I. (eds.) CONCUR 2012. LNCS, vol. 7454, pp. 440–455. Springer, Heidelberg (2012)
Baldan, P., Corradini, A., König, B., Schwoon, S., Rodríguez, C.: Efficient unfolding of contextual Petri nets. Theor. Comput. Sci. 449(1), 2–22 (2012)
Best, E., Darondeau, P.: Deciding selective declassification of Petri nets. In: Degano, P., Guttman, J.D. (eds.) Principles of Security and Trust. LNCS, vol. 7215, pp. 290–308. Springer, Heidelberg (2012)
Bryans, J., Koutny, M., Ryan, P.: Modelling dynamic opacity using Petri nets with silent actions. In: Dimitrakos, T., Martinelli, F. (eds.) FAST. IIFIP, vol. 173, pp. 159–172. Springer, Heidelberg (2005)
Haar, S.: Types of asynchronous diagnosability and the reveals-relation in occurrence nets. IEEE Trans. Autom. Control 55(10), 2310–2320 (2010)
Acknowledgements
We are grateful to the the anonymous referees for their insightful comments and suggestions on the submitted version of this paper.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Baldan, P., Burato, F., Carraro, A. (2015). Intransitive Non-Interference by Unfolding. In: Lanese, I., Madelaine, E. (eds) Formal Aspects of Component Software. FACS 2014. Lecture Notes in Computer Science(), vol 8997. Springer, Cham. https://doi.org/10.1007/978-3-319-15317-9_17
Download citation
DOI: https://doi.org/10.1007/978-3-319-15317-9_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-15316-2
Online ISBN: 978-3-319-15317-9
eBook Packages: Computer ScienceComputer Science (R0)