Probabilistic Noninterference for Multi-threaded Programs
Paper i proceeding, 2000

A program which has access to your sensitive data presents a security threat. Does the program keep your secrets secret? To answer the question one must specify what it means for a program to be secure, and one may wish to verify the security specification before executing the program. We present a probability-sensitive security specification (probabilistic noninterference) for multi-threaded programs based on a probabilistic bisimulation. Some previous approaches to specifying confidentiality rely on a particular scheduler for executing program threads. This is unfortunate since scheduling policy is typically outside the language specification for multi-threaded languages. We describe how to generalise noninterference in order to define robust security with respect to any particular scheduler used and show, for a simple imperative language with dynamic thread creation, how the security condition satisfies compositionality properties which facilitates a straightforward proof of correctness of e.g. security type systems.


Andrei Sabelfeld


Institutionen för datavetenskap

David Sands

Institutionen för datavetenskap


Proceedings of the 13th IEEE Computer Security Foundations Workshop



Datavetenskap (datalogi)

Mer information