Data-Dependent Confidentiality in DCR Graphs

We present DCRSec, a confidentially aware declarative process language with data that employs data-dependent security levels and an information flow monitor that prevents the violation of information flow policies. Data-dependent security levels have been used to shape precise information flow policies and properly identify security compartments. We use an illustrative example to show that it also models process instances in a flexible but precise way. The semantics of the language is based on a version of the Dynamic Condition Response Graph language, which allows for declaring data-aware, event-based processes with finitary and infinitary computations subject to liveness properties and dynamically spawned sub-processes. The key technical contribution is to provide a termination-insensitive information flow monitor and prove non-interference, a soundness property, and transparency in all traces of DCRSec processes.