DocumentCode :
1383161
Title :
Time and Probability-Based Information Flow Analysis
Author :
Lanotte, Ruggero ; Maggiolo-Schettini, Andrea ; Troina, Angelo
Author_Institution :
Dipt. di Sci. della Cultura, Univ. dell'Insubria, Como, Italy
Volume :
36
Issue :
5
fYear :
2010
Firstpage :
719
Lastpage :
734
Abstract :
In multilevel systems, it is important to avoid unwanted indirect information flow from higher levels to lower levels, namely, the so-called covert channels. Initial studies of information flow analysis were performed by abstracting away from time and probability. It is already known that systems that are proven to be secure in a possibilistic framework may turn out to be insecure when time or probability is considered. Recently, work has been done in order to consider also aspects either of time or of probability, but not both. In this paper, we propose a general framework based on Probabilistic Timed Automata, where both probabilistic and timing covert channels can be studied. We define a Noninterference security property and a Nondeducibility on Composition security property, which allow expressing information flow in a timed and probabilistic setting. We then compare these properties with analogous ones defined in contexts where either time or probability or neither of them are taken into account. This permits a classification of the properties depending on their discerning power. As an application, we study a system with covert channels that we are able to discover by applying our techniques.
Keywords :
data flow analysis; probabilistic automata; probability; security of data; software agents; software engineering; composition security property; covert channel; indirect unwanted information flow; multilevel system; nondeducibility; noninterference security property; probabilistic covert channel; probabilistic timed automata; probability based information flow analysis; timing covert channel; Automata; Clocks; Communication system control; Control systems; Information analysis; Information security; Multilevel systems; Performance analysis; Power system security; Timing; Probabilistic timed automata; information flow analysis; multilevel security; weak bisimulation
fLanguage :
English
Journal_Title :
Software Engineering, IEEE Transactions on
Publisher :
ieee
ISSN :
0098-5589
Type :
jour
DOI :
10.1109/TSE.2010.4
Filename :
5383372