PLCR, Aug 14, 2012

Hide and New in the Pi-Calculus

arXiv:1208.2749v1, 16 citations
Originality: Incremental advance
AI Analysis

This work addresses the modelling of confidentiality in process calculi, aimed at researchers in formal methods. It is an incremental advance: it extends the existing pi-calculus with one additional operator rather than proposing a new calculus.

The paper tackles the problem of representing confidentiality in the pi-calculus by introducing a 'hide' operator that restricts access to communication objects, resulting in stronger security guarantees compared to the existing 'new' operator, as demonstrated through formal observational theory and bisimulation semantics.

In this paper, we enrich the pi-calculus with an operator for confidentiality (hide), whose main effect is to restrict access to the object of the communication, thus representing confidentiality in a natural way. The hide operator is meant for local communication, and it differs from new in that it forbids the extrusion of the name and hence has a static scope. Consequently, a communication channel in the scope of a hide can be implemented as a dedicated channel, and it is more secure than one in the scope of a new. To emphasize the difference, we introduce a spy context that represents a side-channel attack and breaks some of the standard security equations for new. To formally reason about the security guarantees provided by the hide construct, we introduce an observational theory and establish stronger equivalences by relying on a proof technique based on bisimulation semantics.
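The difference between new and hide that the abstract describes is scope extrusion: an output can carry a new-bound name to a receiver outside the restriction, which then extends its scope, whereas a hide-bound name may never leave its scope. The following is an added illustration, not code from the paper or its authors: a toy Python model of pi-calculus terms with a single-step communication rule that performs extrusion for new and refuses it for hide, plus a static check that flags any output sending a hidden name on a channel the outside can see. The term syntax, the process names (a, x, y, m, c), and the leak rule are this example's own assumptions; the paper's actual semantics and notation are not reproduced here.

```python
"""Added example (not from the paper): toy pi-calculus scope extrusion.
Terms, names and the leak check are this example's own assumptions."""
from dataclasses import dataclass
from typing import Optional, Union


@dataclass(frozen=True)
class Nil:                         # inactive process
    pass

@dataclass(frozen=True)
class Out:                         # chan<obj>.cont
    chan: str; obj: str; cont: "Proc"

@dataclass(frozen=True)
class In:                          # chan(var).cont
    chan: str; var: str; cont: "Proc"

@dataclass(frozen=True)
class Par:                         # left | right
    left: "Proc"; right: "Proc"

@dataclass(frozen=True)
class New:                         # (new name) body: scope may be extruded
    name: str; body: "Proc"

@dataclass(frozen=True)
class Hide:                        # (hide name) body: static scope
    name: str; body: "Proc"

Proc = Union[Nil, Out, In, Par, New, Hide]


def free_names(p: Proc) -> frozenset:
    """Free names; binders are In.var, New.name and Hide.name."""
    if isinstance(p, Nil):
        return frozenset()
    if isinstance(p, Out):
        return frozenset({p.chan, p.obj}) | free_names(p.cont)
    if isinstance(p, In):
        return frozenset({p.chan}) | (free_names(p.cont) - {p.var})
    if isinstance(p, Par):
        return free_names(p.left) | free_names(p.right)
    return free_names(p.body) - {p.name}


def subst(p: Proc, var: str, name: str) -> Proc:
    """Replace free occurrences of var by name; refuses name capture."""
    r = lambda n: name if n == var else n
    if isinstance(p, Nil):
        return p
    if isinstance(p, Out):
        return Out(r(p.chan), r(p.obj), subst(p.cont, var, name))
    if isinstance(p, In):
        if p.var == var:                       # var shadowed below here
            return In(r(p.chan), p.var, p.cont)
        if p.var == name:
            raise ValueError("capture: alpha-rename %s first" % name)
        return In(r(p.chan), p.var, subst(p.cont, var, name))
    if isinstance(p, Par):
        return Par(subst(p.left, var, name), subst(p.right, var, name))
    if p.name == var:
        return p
    if p.name == name:
        raise ValueError("capture: alpha-rename %s first" % name)
    return type(p)(p.name, subst(p.body, var, name))


def hide_leaks(p: Proc, hidden: frozenset = frozenset()) -> list:
    """Assumed static rule: an output leaks if it sends a hide-bound name
    on a channel that is not itself bound by an enclosing hide."""
    if isinstance(p, Nil):
        return []
    if isinstance(p, Out):
        bad = [(p.chan, p.obj)] if p.obj in hidden and p.chan not in hidden else []
        return bad + hide_leaks(p.cont, hidden)
    if isinstance(p, In):
        return hide_leaks(p.cont, hidden - {p.var})
    if isinstance(p, Par):
        return hide_leaks(p.left, hidden) + hide_leaks(p.right, hidden)
    if isinstance(p, Hide):
        return hide_leaks(p.body, hidden | {p.name})
    return hide_leaks(p.body, hidden - {p.name})      # New shadows


def communicate(sender: Proc, receiver: In) -> Optional[Proc]:
    """One step of  sender | receiver  with sender an output under at most
    one new/hide binder.  Returns the residual, or None if no step."""
    binder, out = None, sender
    if isinstance(sender, (New, Hide)):
        binder, out = sender, sender.body
    if not isinstance(out, Out) or out.chan != receiver.chan:
        return None
    if binder is not None and out.chan == binder.name:
        return None                    # restricted channel: outside cannot hear it
    if binder is None:
        return Par(out.cont, subst(receiver.cont, receiver.var, out.obj))
    if out.obj != binder.name:         # bound name stays home, scope unchanged
        return Par(type(binder)(binder.name, out.cont),
                   subst(receiver.cont, receiver.var, out.obj))
    if isinstance(binder, Hide):
        return None                    # hide forbids extruding its name
    if binder.name in free_names(receiver):
        raise ValueError("alpha-rename %s before extruding" % binder.name)
    # new: scope extrusion, the receiver now lives inside the restriction
    return New(binder.name, Par(out.cont, subst(receiver.cont, receiver.var, out.obj)))


# Constructed terms: a sender that creates private x and sends it on public
# channel a; a receiver that, once it learns x, uses x as a channel.
RECEIVER = In("a", "y", Out("y", "m", Nil()))
WITH_NEW = New("x", Out("a", "x", Nil()))
WITH_HIDE = Hide("x", Out("a", "x", Nil()))
# A hidden name exchanged only over a channel that is itself hidden stays local.
LOCAL_HIDE = Hide("x", Hide("c", Par(Out("c", "x", Nil()), In("c", "z", Nil()))))

if __name__ == "__main__":
    print("new  :", communicate(WITH_NEW, RECEIVER))
    print("hide :", communicate(WITH_HIDE, RECEIVER), hide_leaks(WITH_HIDE))
    print("local:", hide_leaks(LOCAL_HIDE))
```

Running it, the new-bound x is extruded and the receiver ends up under the restriction, able to use x as a channel, which is exactly the reach that a dedicated channel implementing a hide never has to allow; the hide variant takes no step and the static check reports the offending output, while the version that only uses x over the equally hidden channel c passes.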
