Time and Probability based Information Flow Analysis

Angelo Troina
Dipartimento di Informatica, Università di Pisa, Italy

Joint work with: Ruggero Lanotte (University of Insubria at Como) and Andrea Maggiolo Schettini (University of Pisa)
Outline

◮ Multilevel Security
◮ Non-Interference [Goguen and Meseguer, 1982]
◮ The Model
  ◮ Probabilistic Timed Automata
  ◮ Weak Bisimulation for Probabilistic Timed Automata
◮ Information Flow Analysis
  ◮ Probabilistic and/or Timed Security Properties
Security in Multilevel Systems

◮ General setting: a multilevel system, i.e. a system of interacting agents where every agent is confined in a bounded security level.
◮ Access rules: can be imposed to control direct unwanted transmissions from higher levels to lower levels.
◮ Covert channels: information could be transmitted from higher levels to lower levels by using system side effects.
◮ Aim: to control the whole flow of information.
◮ Non-interference: low level agents are not able to deduce anything about the activity of high level agents.
Non-deterministic systems

◮ J. A. Goguen, J. Meseguer: Security Policy and Security Models. Proc. of Symp. on Research in Security and Privacy, IEEE CS Press, 11–20, 1982.
◮ D. McCullough: Noninterference and the Composability of Security Properties. Proc. of Symp. on Research in Security and Privacy, IEEE CS Press, 177–186, 1988.
◮ R. Focardi, R. Gorrieri: A Classification of Security Properties. Journal of Computer Security 3, 5–33, 1995.
Timed systems

◮ R. Focardi, R. Gorrieri, F. Martinelli: Information Flow Analysis in a Discrete-Time Process Algebra. Proc. of 13th CSFW, IEEE CS Press, 170–184, 2000.
◮ N. Evans, S. Schneider: Analysing Time Dependent Security Properties in CSP Using PVS. Proc. of Symp. on Research in Computer Security, Springer LNCS 1895, 222–237, 2000.
◮ R. Barbuti, L. Tesei: A Decidable Notion of Timed Non-interference. Fundamenta Informaticae 54, 137–150, 2003.
Probabilistic systems

◮ J. W. Gray III: Toward a Mathematical Foundation for Information Flow Security. Journal of Computer Security 1, 255–294, 1992.
◮ A. Aldini, M. Bravetti, R. Gorrieri: A Process-algebraic Approach for the Analysis of Probabilistic Non-interference. Journal of Computer Security 12, 191–245, 2004.
◮ A. Di Pierro, C. Hankin, H. Wiklicky: Approximate Non-Interference. Journal of Computer Security 12, 37–82, 2004.
The Model of PTA

A Probabilistic Timed Automaton (PTA) is $A = (\Sigma, X, Q, q_0, \delta, \pi)$.

Figure: a PTA with initial state $q_0$ and two transitions, both enabled when clock $x = 5$: action $a$ with probability $1/2$ to $q_1$, and action $b$ with probability $1/2$ to $q_2$.

A configuration of a PTA is a pair $s = (q, v)$, where $q \in Q$ is a state and $v$ is a valuation over $X$.
Weak Bisimulation of Probabilistic Timed Automata

A weak bisimulation is a bisimulation which does not take care of internal moves.

For a PTA $A = (\Sigma, X, Q, q_0, \delta, \pi)$ a weak bisimulation is an equivalence relation $R$ such that, for all $(s, s') \in R$ and equivalence classes $C$ of $R$:

$$Prob(s, \tau^* \alpha, C) = Prob(s', \tau^* \alpha, C) \quad \forall \alpha \in \Sigma \cup \{\tau\} \cup \mathbb{R}_{>0}$$

Two configurations $s, s'$ are weakly bisimilar ($s \approx s'$) iff $(s, s') \in R$ for some weak bisimulation $R$.
Weak Bisimulation of Probabilistic Timed Automata (2)

Figure: $A_1 \approx A_2$. $A_1$ is the PTA of the previous slide: from $q_0$, action $a$ with probability $1/2$ to $q_1$ and action $b$ with probability $1/2$ to $q_2$, both when $x = 5$. $A_2$ has a $\tau$ self-loop on $r_0$ with probability $1/3$, and from $r_0$ reaches $r_1$ by $a$ with probability $1/3$ and $r_2$ by $b$ with probability $1/3$, both when $z = 5$.
Auxiliary operators for Probabilistic Timed Automata

Given two PTA $A_1$ and $A_2$, $L \subseteq \Sigma$ a set of synchronization actions and $p \in \,]0, 1[$ an advancing speed parameter, $A_1 \,\|^p_L\, A_2$ denotes the parallel composition. The composition is a PTA obtained by normalizing probabilities and hiding with the $\tau$ label the synchronized actions.

The restriction of a PTA $A$ with respect to the set of actions $L$ is $A \setminus L$, obtained from $A$ by removing transitions and normalization of probabilities.

The hiding of a PTA $A$ with respect to the set of actions $L$ is $A / L$, where each transition label $a \in L$ is replaced by label $\tau$.
Non-interference

A system $S$ satisfies the Non-interference property ($S \in NI$) if high level agents do not interfere with the observable behavior of the system from the low level point of view:

$$S \in NI \iff S / \Sigma_H \approx S \setminus \Sigma_H$$

where $\Sigma_H$ is the set of high level actions.

(The observable behavior of the isolated system is bisimilar to the behavior of the system which communicates with high level agents in a manner that is invisible from the low level agent's point of view.)

Proposition. It is decidable to check whether a system $S$ satisfies the NI property.
Non-deterministic Non-interference

An example of non-deterministic covert channel.

Figure: $A$ ($q_0$ reaches $q_1$ by $h$ and $q_2$ by $l$; $q_1$ reaches $q_3$ by $l'$), $A \setminus \Sigma_H$ (only $q_0$ reaches $q_2$ by $l$) and $A / \Sigma_H$ (as $A$, with $h$ replaced by $\tau$).

The high level action $h$ interferes with the observation of the action $l$. In $A \setminus \Sigma_H$ the low level agent observes only the execution of $l$, whereas in $A / \Sigma_H$ also action $l'$ may be observed. A low level agent observing the event $l'$ knows that action $h$ has occurred.
Timed Non-interference

An example of timing covert channel.

Figure: $A$ ($q_0$ reaches $q_1$ by $h$ and $q_2$ by $l$ when $x = 0$; $q_1$ reaches $q_3$ by $l$ when $x = 5$), $A \setminus \Sigma_H$ (only $q_0$ reaches $q_2$ by $l$ when $x = 0$) and $A / \Sigma_H$ (as $A$, with $h$ replaced by $\tau$).

The high level action $h$ interferes with the time of observing the action $l$. In $A \setminus \Sigma_H$ the low level agent observes $l$ executed immediately, whereas in $A / \Sigma_H$ $l$ could either be observed immediately or when the clock $x$ reaches value 5. A low level agent observing the event $l$ when clock $x$ has value 5 knows that action $h$ has occurred.