News

SysV: notes on confidentiality preserving refinement

Written on 12.12.2021 11:36 by Hamed Nemati

Some notes on confidentiality preserving refinement stated in the following theorem:

$\text{Theorem: we say} \mathit{T_{impl}\ \mathcal{P}\!-\!refine\ T_{spec}} \text{ if } T_{spec} \lesssim T_{impl} \text{ and all behaviours of } T_{impl} \text{ are possible behaviours of } T_{spec}.$

where $T_{spec} \lesssim T_{impl}$ means "T_impl simulates T_spec" and it is define as follows:

$\forall s_1 \lesssim s'_1 \text{ and } \alpha \in \mathcal{P} \text{ if } s_1 \in \alpha \text{ then } s'_1 \in \alpha \text{ and for all } s_2 \text{ and } a \in \mathbb{A} \text{ such that } s_1 \xrightarrow[]{a} s_2 \text{ then there exists } s'_2 \text{ such that } s'_1 \xrightarrow[]{a} s'_2 \text{ and } s_2 \lesssim s'_2.$

Regarding the simulation relation used in the confidentiality preserving refinement part of the lecture, please note the direction of the simulation property, that is "T_impl simulates T_spec". This is in opposite direction of the simulation property we normally use to prove the functional correctness of systems. The specific direction that we used here guarantees that all permitted behaviour of the systems (modeled by the specification) are also behaviour of the implementation model.

Moreover, to rule out the problem stated in slide 39 (slide 44 in lecture notes) we used an additional constraint (stated as "all behaviours of T_impl are possible behaviors of T_spec" in the final Theorem) to make sure that there cannot be an implementation trace for which there is no corresponding specification trace. Please note that, in the supplementary paper this constraint is denoted as $Tr(T_{impl}) \subseteq Tr(T_{spec})$ .

These two conditions together help us to prove the theorem above and thus conclude that implementation does not leak more secret than the specification.

In the simulation relation definition the condition " $\text{if } s_1 \in \alpha \text{ then } s'_1 \in \alpha$ " guarantees that initial states of the two transitions are related by the property $\alpha$

Formal Methods in Security

News

SysV: notes on confidentiality preserving refinement