Information-flow policies prescribe which information is available to a given user or subsystem. We study the problem of specifying such properties in reactive systems, which may require dynamic changes in information-flow restrictions between their states. We formalize several flavours of sequential information-flow, which cover different assumptions about the semantic relation between multiple observations of a system. Information-flow specification falls into the category of hyperproperties. We define different variants of sequential information-flow specification using a first-order logic with both trace quantifiers and temporal quantifiers called Hypertrace Logic. We prove that HyperLTL, equivalent to a subset of Hypertrace Logic with restricted quantifier prefixes, cannot specify the majority of the studied two-state independence variants. For our results, we introduce a notion of equivalence between sets of traces that cannot be distinguished by certain classes of formulas in Hypertrace Logic. This presents a new approach to proving inexpressiveness results for logics such as HyperLTL.

中文翻译：

---

顺序信息流的味道

信息流策略规定了给定用户或子系统可以使用哪些信息。我们研究了在电抗系统中指定此类属性的问题，这可能需要动态改变其状态之间的信息流限制。我们形式化了顺序信息流的几种形式，这些形式涵盖了关于系统的多个观察之间的语义关系的不同假设。信息流规范属于超属性类别。我们使用带有跟踪量词和时间量词的一阶逻辑（称为Hypertrace Logic）定义顺序信息流规范的不同变体。我们证明，HyperLTL等同于带有有限量词前缀的Hypertrace Logic的子集，不能指定大多数研究的两态独立变量。对于我们的结果，我们引入了迹线组之间的等效概念，而超迹线逻辑中的某些类别的公式无法区分这些迹线。这为证明诸如HyperLTL之类的逻辑的不表达结果提供了一种新方法。