Abstract Non-Interference: A unifying framework for weakening information flow

Non-interference happens when some elements of a dynamic system do not interfere, i.e., do not a ect, other elements in the same system. Originally introduced in language-based security, non-interference means that the manipulation of private information has no e ect on public observations of data. In this paper we introduce abstract non-interference as a weakening of non-interference by abstract interpretation. Abstract non- interference is parametric on which private information we want to protect and which are the observational capabilities of the external observer, i.e., what the attacker can observe of a computation and of the data manipulated during the computation. This allows us to model a variety of situations in information- ow security, where the security of a system can be mastered by controlling the degree of precision of the strongest harmless attacker and the properties that are potentially leaked in case of successful attack