
Departmental Papers (CIS)
Date of this Version
June 2003
Document Type
Conference Paper
Recommended Citation
Stephan A. Zdancewic and Andrew C. Myers, "Observational Determinism for Concurrent Program Security", . June 2003.
Abstract
Noninterference is a property of sequential programs that is useful for expressing security policies for data confidentiality and integrity. However, extending noninterference to concurrent programs has proved problematic. In this paper we present a relatively expressive secure concurrent language. This language, based on existing concurrent calculi, provides first-class channels, higher-order functions, and an unbounded number of threads. Well-typed programs obey a generalization of noninterference that ensures immunity to internal timing attacks and to attacks that exploit information about the thread scheduler. Elimination of these refinement attacks is possible because the enforced security property extends noninterference with observational determinism. Although the security property is strong, it also avoids some of the restrictiveness imposed on previous security-typed concurrent languages.
Date Posted: 21 November 2004
This document has been peer reviewed.
Comments
Copyright 2003 IEEE. Reprinted from Proceedings of the 16th IEEE Computer Security Foundations Workshop (CSFW 2003) pages 29-43.
Publisher URL: http://ieeexplore.ieee.org/xpl/tocresult.jsp?isNumber=27273
This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the University of Pennsylvania's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.