What , Indeed , is Intransitive Noninterference ? ( Preliminary Report ) ⋆

نویسنده

  • Ron van der Meyden
چکیده

This paper argues that Haigh and Young’s definition of noninterference for intransitive security policies admits information flows that are not in accordance with the intuitions it seeks to formalise. Several alternative definitions are discussed, which are shown to be equivalent to the classical definition of noninterference with respect to transitive policies. Rushby’s unwinding conditions for intransitive noninterference are shown to be sound and complete for one of these definitions, TAsecurity. Access control systems compatible with a policy are also shown to be TA-secure, and it is also shown that TA-security implies that the system can be interpreted as an access control system.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

What, Indeed, Is Intransitive Noninterference?

This paper argues that Haigh and Young’s definition of noninterference for intransitive security policies admits information flows that are not in accordance with the intuitions it seeks to formalise. Several alternative definitions are discussed, which are shown to be equivalent to the classical definition of noninterference with respect to transitive policies. Rushby’s unwinding conditions fo...

متن کامل

Noninterference , Transitivity , and Channel - Control Security Policies 1

We consider noninterference formulations of security policies [7] in which the “interferes” relation is intransitive. Such policies provide a formal basis for several real security concerns, such as channel control [17, 18], and assured pipelines [4]. We show that the appropriate formulation of noninterference for the intransitive case is that developed by Haigh and Young for “multidomain secur...

متن کامل

What Is Intransitive Noninterference?

The term “intransitive noninterference” refers to the information flow properties required of systems like downgraders, in which it may be legitimate for information to flow indirectly between two users but not directly. We examine the usual definition of this property in terms of a modified purge function, and show that this is a distinctly weaker property than an alternative we derive from co...

متن کامل

A comparison of semantic models for intransitive noninterference⋆

Noninterference is a notion of information flow security, originally defined for transitive information flow policies. A number of different definitions of noninterference have been proposed for intransitive policies. These definitions are stated with respect to several different semantic models, including state machines with observations on states, state machines with outputs associated to act...

متن کامل

The Generic Unwinding Theorem for CSP Noninterference Security

The classical definition of noninterference security for a deterministic state machine with outputs requires to consider the outputs produced by machine actions after any trace, i.e. any indefinitely long sequence of actions, of the machine. In order to render the verification of the security of such a machine more straightforward, there is a need of some sufficient condition for security such ...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2007