A good intro is the first few pages of nelson:osr:2020 — but after that, it gets a bit denser.

Some key decisions in choosing a non-interference framework to use are:

• do you want to support downgrading (transfer of information under restricted conditions). If so, you probably need an intransitive policy. An alternative approach is to verify non-interference for the non-downgrading part of the system and verify the declassifier separately. A final alternative is to add preconditions or axioms on those operations that downgrading applies to.

• do you want to restrict transfer of data (eg memory/file contents) or do you also want to restrict transfer of metadata (eg how much memory is being used). To restrict data, specify restrictions on what states can be distinguished and to restrict metadata, specify restrictions on what traces can be distinguished.

Notes related to Non-interference

Hyperproperty, Language based security, Non leakage

Papers related to Non-interference

• The meaning of memory safety [azevedo:post:2018]
• Noninterference for free [bowman:icfp:2015]
• Komodo: Using verification to disentangle secure-enclave hardware from software [ferraiuolo:sosp:2017]
• Spectector: Principled detection of speculative information flows [guarnieri:sandp:2020]
• Testing noninterference, quickly [hritcu:icfp:2013]
• Noninterference via symbolic execution [milushev:forte:2012]
• Noninterference specifications for secure systems [nelson:osr:2020]
• Scaling symbolic evaluation for automated verification of systems code with Serval [nelson:sosp:2019]
• Automatic derivation of platform noninterference properties [schwarz:sefm:2016]
• Execution leases: A hardware-supported mechanism for enforcing strong non-interference [tiwari:isca:2009]