Safe equivalences for Security properties

Mario S. Alvim; Miguel E. Andres; Catuscia Palamidessi; Peter van Rossum

doi:10.1007/978-3-642-15240-5_5

Safe equivalences for Security properties

Mario S. Alvim, Miguel E. Andres, Catuscia Palamidessi, Peter van Rossum

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In the field of Security, process equivalences have been used to characterize various information-hiding properties (for instance secrecy, anonymity and non-interference) based on the principle that a protocol P with a variable x satisfies such property if and only if, for every pair of secrets s1 and s2, P[s1/x] is equivalent to P[s2/x]. We argue that, in the presence of nondeterminism, the above principle relies on the assumption that the scheduler "works for the benefit of the protocol", and this is usually not a safe assumption. Non-safe equivalences, in this sense, include complete-trace equivalence and bisimulation. We present a formalism in which we can specify admissible schedulers and, correspondingly, safe versions of these equivalences. We prove that safe bisimulation is still a congruence. Finally, we show that safe equivalences can be used to establish information-hiding properties.

Original language	English
Title of host publication	Theoretical Computer Science - 6th IFIP TC 1/WG 2.2 International Conference, TCS 2010, Held as Part of WCC 2010, Proceedings
Publisher	Springer New York LLC
Pages	55-70
Number of pages	16
ISBN (Print)	3642152392, 9783642152399
DOIs	https://doi.org/10.1007/978-3-642-15240-5_5
Publication status	Published - 1 Jan 2010
Event	6th IFIP TC 1/WG 2.2 International Conference on Theoretical Computer Science, TCS 2010, Held as Part of 21st IFIP World Computer Congress, WCC 2010 - Brisbane, QLD, Australia Duration: 20 Sept 2010 → 23 Sept 2010

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	323 AICT
ISSN (Print)	1868-4238

Conference

Conference	6th IFIP TC 1/WG 2.2 International Conference on Theoretical Computer Science, TCS 2010, Held as Part of 21st IFIP World Computer Congress, WCC 2010
Country/Territory	Australia
City	Brisbane, QLD
Period	20/09/10 → 23/09/10

Access to Document

10.1007/978-3-642-15240-5_5

Cite this

Alvim, M. S., Andres, M. E., Palamidessi, C., & van Rossum, P. (2010). Safe equivalences for Security properties. In Theoretical Computer Science - 6th IFIP TC 1/WG 2.2 International Conference, TCS 2010, Held as Part of WCC 2010, Proceedings (pp. 55-70). (IFIP Advances in Information and Communication Technology; Vol. 323 AICT). Springer New York LLC. https://doi.org/10.1007/978-3-642-15240-5_5

@inproceedings{0b5233d2796a413d8fe766b89d97949e,

title = "Safe equivalences for Security properties",

abstract = "In the field of Security, process equivalences have been used to characterize various information-hiding properties (for instance secrecy, anonymity and non-interference) based on the principle that a protocol P with a variable x satisfies such property if and only if, for every pair of secrets s1 and s2, P[s1/x] is equivalent to P[s2/x]. We argue that, in the presence of nondeterminism, the above principle relies on the assumption that the scheduler {"}works for the benefit of the protocol{"}, and this is usually not a safe assumption. Non-safe equivalences, in this sense, include complete-trace equivalence and bisimulation. We present a formalism in which we can specify admissible schedulers and, correspondingly, safe versions of these equivalences. We prove that safe bisimulation is still a congruence. Finally, we show that safe equivalences can be used to establish information-hiding properties.",

author = "Alvim, \{Mario S.\} and Andres, \{Miguel E.\} and Catuscia Palamidessi and \{van Rossum\}, Peter",

year = "2010",

month = jan,

day = "1",

doi = "10.1007/978-3-642-15240-5\_5",

language = "English",

isbn = "3642152392",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer New York LLC",

pages = "55--70",

booktitle = "Theoretical Computer Science - 6th IFIP TC 1/WG 2.2 International Conference, TCS 2010, Held as Part of WCC 2010, Proceedings",

note = "6th IFIP TC 1/WG 2.2 International Conference on Theoretical Computer Science, TCS 2010, Held as Part of 21st IFIP World Computer Congress, WCC 2010 ; Conference date: 20-09-2010 Through 23-09-2010",

}

Alvim, MS, Andres, ME, Palamidessi, C & van Rossum, P 2010, Safe equivalences for Security properties. in Theoretical Computer Science - 6th IFIP TC 1/WG 2.2 International Conference, TCS 2010, Held as Part of WCC 2010, Proceedings. IFIP Advances in Information and Communication Technology, vol. 323 AICT, Springer New York LLC, pp. 55-70, 6th IFIP TC 1/WG 2.2 International Conference on Theoretical Computer Science, TCS 2010, Held as Part of 21st IFIP World Computer Congress, WCC 2010, Brisbane, QLD, Australia, 20/09/10. https://doi.org/10.1007/978-3-642-15240-5_5

Safe equivalences for Security properties. / Alvim, Mario S.; Andres, Miguel E.; Palamidessi, Catuscia et al.
Theoretical Computer Science - 6th IFIP TC 1/WG 2.2 International Conference, TCS 2010, Held as Part of WCC 2010, Proceedings. Springer New York LLC, 2010. p. 55-70 (IFIP Advances in Information and Communication Technology; Vol. 323 AICT).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Safe equivalences for Security properties

AU - Alvim, Mario S.

AU - Andres, Miguel E.

AU - Palamidessi, Catuscia

AU - van Rossum, Peter

PY - 2010/1/1

Y1 - 2010/1/1

N2 - In the field of Security, process equivalences have been used to characterize various information-hiding properties (for instance secrecy, anonymity and non-interference) based on the principle that a protocol P with a variable x satisfies such property if and only if, for every pair of secrets s1 and s2, P[s1/x] is equivalent to P[s2/x]. We argue that, in the presence of nondeterminism, the above principle relies on the assumption that the scheduler "works for the benefit of the protocol", and this is usually not a safe assumption. Non-safe equivalences, in this sense, include complete-trace equivalence and bisimulation. We present a formalism in which we can specify admissible schedulers and, correspondingly, safe versions of these equivalences. We prove that safe bisimulation is still a congruence. Finally, we show that safe equivalences can be used to establish information-hiding properties.

AB - In the field of Security, process equivalences have been used to characterize various information-hiding properties (for instance secrecy, anonymity and non-interference) based on the principle that a protocol P with a variable x satisfies such property if and only if, for every pair of secrets s1 and s2, P[s1/x] is equivalent to P[s2/x]. We argue that, in the presence of nondeterminism, the above principle relies on the assumption that the scheduler "works for the benefit of the protocol", and this is usually not a safe assumption. Non-safe equivalences, in this sense, include complete-trace equivalence and bisimulation. We present a formalism in which we can specify admissible schedulers and, correspondingly, safe versions of these equivalences. We prove that safe bisimulation is still a congruence. Finally, we show that safe equivalences can be used to establish information-hiding properties.

U2 - 10.1007/978-3-642-15240-5_5

DO - 10.1007/978-3-642-15240-5_5

M3 - Conference contribution

AN - SCOPUS:79959752910

SN - 3642152392

SN - 9783642152399

T3 - IFIP Advances in Information and Communication Technology

SP - 55

EP - 70

BT - Theoretical Computer Science - 6th IFIP TC 1/WG 2.2 International Conference, TCS 2010, Held as Part of WCC 2010, Proceedings

PB - Springer New York LLC

T2 - 6th IFIP TC 1/WG 2.2 International Conference on Theoretical Computer Science, TCS 2010, Held as Part of 21st IFIP World Computer Congress, WCC 2010

Y2 - 20 September 2010 through 23 September 2010

ER -

Safe equivalences for Security properties

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this