TY - GEN
T1 - Inductive invariants for noninterference in multi-agent workflows
AU - Muller, Christian
AU - Seidl, Helmut
AU - Zalinescu, Eugen
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/8/7
Y1 - 2018/8/7
N2 - Our goal is to certify absence of information leaks in multi-agent workflows, such as conference management systems like EasyChair. These workflows can be executed by any number of agents some of which may form coalitions against the system. Therefore, checking noninterference is a challenging problem. Our paper offers two main contributions: First, a technique is provided to translate noninterference (in presence of various agent capabilities and declassification conditions) into universally quantified invariants of an instrumented new workflow program. Second, general techniques are developed for checking and inferring universally quantified inductive invariants for workflow programs. In particular, a large class of workflows is identified where inductiveness of invariants is decidable, as well as a smaller, still useful class of workflows where the weakest inductive universal invariant implying the desired invariant, is effectively computable. The new algorithms are implemented and applied to certify noninterference for workflows arising from conference management systems.
AB - Our goal is to certify absence of information leaks in multi-agent workflows, such as conference management systems like EasyChair. These workflows can be executed by any number of agents some of which may form coalitions against the system. Therefore, checking noninterference is a challenging problem. Our paper offers two main contributions: First, a technique is provided to translate noninterference (in presence of various agent capabilities and declassification conditions) into universally quantified invariants of an instrumented new workflow program. Second, general techniques are developed for checking and inferring universally quantified inductive invariants for workflow programs. In particular, a large class of workflows is identified where inductiveness of invariants is decidable, as well as a smaller, still useful class of workflows where the weakest inductive universal invariant implying the desired invariant, is effectively computable. The new algorithms are implemented and applied to certify noninterference for workflows arising from conference management systems.
KW - abstract-interpretation
KW - inductive-invariants
KW - multi-agent-workflows
KW - non-interference
UR - http://www.scopus.com/inward/record.url?scp=85052057885&partnerID=8YFLogxK
U2 - 10.1109/CSF.2018.00025
DO - 10.1109/CSF.2018.00025
M3 - Conference contribution
AN - SCOPUS:85052057885
SN - 9781538666807
T3 - Proceedings - IEEE Computer Security Foundations Symposium
SP - 247
EP - 261
BT - Proceedings - IEEE 31st Computer Security Foundations Symposium, CSF 2018
PB - IEEE Computer Society
T2 - 31st IEEE Computer Security Foundations Symposium, CSF 2018
Y2 - 9 July 2018 through 12 July 2018
ER -