Abstract

Weak probabilistic noninterference is a security property for enforcing confidentiality in multi-threaded programs. It aims to guarantee secure flow of information in the program and to ensure that sensitive information does not leak to attackers. In this paper, the problem of verifying weak probabilistic noninterference by leveraging formal methods, in particular algorithmic verification, is discussed. The behavior of multi-threaded programs is modeled using probabilistic Kripke structures, and weak probabilistic noninterference is formalized in terms of these structures. Then, a verification algorithm is proposed to check weak probabilistic noninterference. The algorithm uses an abstraction technique to compute the quotient space of the program with respect to an equivalence relation called weak probabilistic bisimulation and performs a simple check on that quotient to decide whether the security property is satisfied. The progress made is demonstrated by a real-world case study. It is expected that the proposed approach constitutes a significant step towards more widely applicable secure information flow analysis.

Highlights

  • In most research on secure information flow, a security property specifying the confidentiality policy is formally defined and a verification method is proposed to check the property

  • A program satisfies weak probabilistic noninterference if and only if all executions with low-equivalent initial states visit the same sequence of equivalence classes with respect to weak probabilistic bisimulation

  • Weak probabilistic noninterference is a notion of confidentiality for multi-threaded programs
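The following is an added illustration of the algorithm sketched in the abstract and of the criterion in the second highlight; it is not code from the paper. It builds a constructed probabilistic Kripke structure for three one-step programs (state = high bit `h`, low bit `l`, program counter; the observer sees `l` only), computes the bisimulation quotient by partition refinement, and then checks that every pair of low-equivalent initial states falls into the same class. As a simplification it uses strong probabilistic bisimulation in place of the weak variant (internal steps are not modelled); the program models, state encoding and function names are this example's own assumptions.

```python
from fractions import Fraction
from itertools import product


def bisimulation_quotient(trans, label):
    """Partition refinement computing the coarsest strong probabilistic
    bisimulation of a fully probabilistic Kripke structure.

    trans[s][t] is the probability of moving from s to t (rows sum to 1,
    terminated states carry a self-loop); label[s] is what the low observer
    sees in s. Two states end in one block iff they carry the same label
    and send the same probability mass into every block.
    Returns a dict mapping each state to a hashable block id."""
    block_of = {s: label[s] for s in trans}   # start: split by label only
    while True:
        def signature(s):
            mass = {}
            for t, p in trans[s].items():
                mass[block_of[t]] = mass.get(block_of[t], Fraction(0)) + p
            return (label[s], frozenset(mass.items()))
        refined = {s: signature(s) for s in trans}
        # A round can only split blocks, never merge them, so an unchanged
        # block count means the partition is stable: it is the quotient.
        if len(set(refined.values())) == len(set(block_of.values())):
            return refined
        block_of = refined


def noninterference_holds(trans, label, initial_states):
    """Security check on the quotient: every pair of low-equivalent initial
    states must lie in the same bisimulation class, so the observer sees the
    same distribution over class sequences whatever the high input was."""
    block_of = bisimulation_quotient(trans, label)
    for s, t in product(initial_states, repeat=2):
        if label[s] == label[t] and block_of[s] != block_of[t]:
            return False
    return True


def program_model(update):
    """Constructed PKS for a one-step program over bits h (high) and l (low).
    update(h) gives the distribution over the new value of l. States are
    (h, l, pc); the low observer sees l only."""
    trans, label = {}, {}
    for h in (0, 1):
        start = (h, 0, "start")
        trans[start] = {}
        label[start] = 0
        for new_l, p in update(h).items():
            done = (h, new_l, "done")
            trans[start][done] = trans[start].get(done, Fraction(0)) + p
            trans[done] = {done: Fraction(1)}   # terminated: self-loop
            label[done] = new_l
    initial = [(0, 0, "start"), (1, 0, "start")]
    return trans, label, initial


def biased_coin(h):
    # l := coin()  with a fair coin when h = 0 and a 3/4 coin when h = 1.
    # Both values of l are reachable under both h, so a possibilistic check
    # passes; only the probabilities reveal h.
    return {0: Fraction(1, 2), 1: Fraction(1, 2)} if h == 0 \
        else {0: Fraction(1, 4), 1: Fraction(3, 4)}


EXAMPLES = {
    "fair":   program_model(lambda h: {0: Fraction(1, 2), 1: Fraction(1, 2)}),
    "biased": program_model(biased_coin),
    "copy":   program_model(lambda h: {h: Fraction(1)}),   # l := h
}


def run_examples():
    """Apply the check to each constructed program; only 'fair' is secure."""
    return {name: noninterference_holds(*model) for name, model in EXAMPLES.items()}


if __name__ == "__main__":
    for name, secure in run_examples().items():
        print(f"{name}: {'secure' if secure else 'leaks h'}")
```

The `biased` program is the case that motivates a probabilistic rather than possibilistic notion: the same low values are reachable under either high input, but the quotient separates the two initial states because their one-step distributions over the classes differ.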


Summary

Motivation

A confidentiality policy prevents the unauthorized disclosure of information. Cryptography and access control are examples of confidentiality mechanisms, but they do not restrict the flow of information inside a program. When an Android application is granted permission to access contacts, no cryptographic or access control mechanism verifies that the application uses the contacts legitimately. This is where secure information flow comes to the rescue. Information flow properties are designed to prevent information from flowing to an unauthorized user, i.e., an attacker or low observer [2]. An information flow property is defined in such a way that it prevents data at the high security level H from flowing to the low level L. It is desirable to establish an automatic and efficient verification approach for secure information flow.

Background
Foreground
Structure of the Paper
OVERVIEW OF APPROACH
PROGRAM MODEL
SPECIFYING WEAK PROBABILISTIC NON-INTERFERENCE
The Algorithm
RELATED WORK
CONCLUSIONS AND FUTURE WORK