Delimited Persistent Stochastic Non-Interference

Non-Interference is an information flow security property which aims to protect confidential data by ensuring the complete absence of any information flow from high level entities to low level ones. However, this requirement is too demanding when dealing with real applications: indeed, no real policy ever guarantees a total absence of information flow. In order to deal with real applications, it is often necessary to allow mechanisms for downgrading or declassifying information such as information filters and channel control. In this paper we generalize the notion of Persistent Stochastic Non-Interference (PSNI) in order to allow information to flow from a higher to a lower security level through a downgrader. We introduce the notion of Delimited Persistent Stochastic Non-Interference (D_PSNI) and provide two characterizations of it, one expressed in terms of bisimulation-like equivalence checks and another one formulated through unwinding conditions. Then we prove some compositionality properties. Finally, we present a decision algorithm and discuss its complexity.