Assumptions and Guarantees for Compositional Noninterference

Executive Summary

The idea of building secure systems by plugging together "secure" components is appealing, but this requires a definition of security which, in addition to taking care of top-level security goals, is strengthened appropriately in order to be compositional. This approach has been previously studied for information-flow security of shared-variable concurrent programs, but the price for compositionality is very high: a thread must be extremely pessimistic about what an environment might do with shared resources. This pessimism leads to many intuitively secure threads being labelled as insecure.
