Semantics-based models for confidentiality of multi-threaded programs

Andrei Sabelfeld
Chalmers University of Technology

Malicious code is any code added, changed or removed from a software system in order to intentionally cause harm or subvert the desired function of the system. Malicious code intended to leak sensitive information available to the system constitutes a confidentiality threat. Unfortunately, existing protection techniques (such as anti-virus software, code signing and OS-based monitors) are of limited use for ensuring the absence of undesired leaks. Furthermore, such a leak may be performed through covert channels such as timing and/or probabilistic system behaviour observable by the attacker.

This talk presents a formalisation of confidentiality for multi-thread programs by a standard notion of probabilistic bisimulation. We arrive at a timing/probability-sensitive compositional security specification and present a security-type system that certifies programs' confidentiality according to the bisimulation-based definition.


ASTEC seminar
December 11, 2001

Place: Information technology, Uppsala University
Room: 1113
Time: 15.15-16.00 (+ discussions)

Room 1113 is in building 1, floor 1, room 13 (in the southern part of the building).

Help on how to find ASTEC Seminars.

There will be an extended period for discussions after the seminar.

Speakers are encouraged to give an short (5 min) introduction to the subject at the begining of the talk.
Listeners are excused if they have to leave after 16.00.

Everyone is welcome !

Updated 20-Nov-2001 12:34 by Roland Grönroos
e-mail: info -at-    Location: