Publication | Closed Access
Approximate non-interference
77
Citations
0
References
2004
Year
EngineeringInformation SecurityInformation LeakageVerificationSoftware AnalysisFormal VerificationProcess SimilarityInformation Theoretic SecurityData PrivacyComputer ScienceLanguage-based SecurityInformation FlowData SecurityCryptographyIllegal Information FlowProgram AnalysisFormal MethodsModels ConfidentialityComputer Security Model
We address the problem of characterising the security of a program against unauthorised information flows. Classical approaches are based on non-interference models which depend ultimately on the notion of process equivalence. In these models confidentiality is an absolute property stating the abse nce of any illegal information flow. We present a model in which the notion of non-interference is approximated in the sense that it allows for some exactly quantified leakage of information. This is characterised via a notion of process similarity which replaces the indistinguishability of processes by a quantitative measure of their behavioural difference. Such a quantity is related to the number of statistical tests needed to distinguish two behaviours. We also present two semantics-based analyses of approximate non-interference and we show that one is a correct abstraction of the other.