| Abstract |
|
We address the problem of characterising the security of a program against unauthorised information flows. Classical approaches are based on non-interference models which depend ultimately on the notion of process equivalence. In these models confidentiality is an absolute property stating the absence of any illegal information flow. We present a model in which the notion of non-interference is approximated in the sense that it allows for some exactly quantified leakage of information. This is characterised via a notion of process similarity which replaces the indistinguishability of processes by a quantitative measure of their behavioural difference. Such a quantity is related to the number of statistical tests needed to distinguish two behaviours. We also present two semantics-based analyses of approximate non-interference and we show that one is a correct abstraction of the other.
|
 Additional Information
|
Citation:
Alessandra Di Pierro, Chris Hankin, Herbert Wiklicky,
"Approximate Non-Interference,"
csfw,
p. 3,
15th IEEE Computer Security Foundations Workshop (CSFW'02),
2002
|
