Non-interference assessment in colored net systems via integer linear programming

Abstract

Event-related information leaks are a potential security hazard in information systems. Non-interference is a security property to describe event-related information security. Non-interference assessment is to detect whether a public observer can infer the occurrences of private events from the observation of public ones. To assess the non-interference of information systems, the utilization of formal modeling tools, especially Petri nets (PNs), is an effective way used in most previous works. However, for large-scale systems, non-interference assessment leads to the problem of state explosion in the context of basic net systems (NSs) defined by PNs. In this paper, considering the structural similarity of large-scale systems, colored PNs are used to model them more compactly and efficiently. We focus on the assessment of two typical non-interference properties, i.e., strong nondeterministic non-interference (SNNI) and bisimulation SNNI (BSNNI), in colored NSs (CNSs). Specifically, we propose a non-interference assessment method for bounded CNSs based on the definitions of SNNI and BSNNI in the context of CNSs. This method involves coarse and fine assessments. A coarse assessment is achieved via integer linear programming (ILP) by leveraging the structural similarity of systems. In contrast, the fine assessment can be fulfilled using ILP-based analysis or firing way analysis based on the results obtained by the coarse assessment, which is not essentially necessary. In particular, a fine assessment is necessary only if a coarse assessment is failed to obtain accurate assessment results. Finally, efficiency analysis reveals that our method reduces assessment redundancy and improves assessment efficiency.