What, Indeed, is Intransitive Noninterference? (Preliminary Report)
Author
Abstract
This paper argues that Haigh and Young’s definition of noninterference for intransitive security policies admits information flows that are not in accordance with the intuitions it seeks to formalise. Several alternative definitions are discussed, which are shown to be equivalent to the classical definition of noninterference with respect to transitive policies. Rushby’s unwinding conditions for intransitive noninterference are shown to be sound and complete for one of these definitions, TA-security. Access control systems compatible with a policy are also shown to be TA-secure, and it is also shown that TA-security implies that the system can be interpreted as an access control system.
Similar resources
What, Indeed, Is Intransitive Noninterference?
This paper argues that Haigh and Young’s definition of noninterference for intransitive security policies admits information flows that are not in accordance with the intuitions it seeks to formalise. Several alternative definitions are discussed, which are shown to be equivalent to the classical definition of noninterference with respect to transitive policies. Rushby’s unwinding conditions fo...
Noninterference, Transitivity, and Channel-Control Security Policies
We consider noninterference formulations of security policies [7] in which the “interferes” relation is intransitive. Such policies provide a formal basis for several real security concerns, such as channel control [17, 18], and assured pipelines [4]. We show that the appropriate formulation of noninterference for the intransitive case is that developed by Haigh and Young for “multidomain secur...
What Is Intransitive Noninterference?
The term “intransitive noninterference” refers to the information flow properties required of systems like downgraders, in which it may be legitimate for information to flow indirectly between two users but not directly. We examine the usual definition of this property in terms of a modified purge function, and show that this is a distinctly weaker property than an alternative we derive from co...
A comparison of semantic models for intransitive noninterference
Noninterference is a notion of information flow security, originally defined for transitive information flow policies. A number of different definitions of noninterference have been proposed for intransitive policies. These definitions are stated with respect to several different semantic models, including state machines with observations on states, state machines with outputs associated to act...
The Generic Unwinding Theorem for CSP Noninterference Security
The classical definition of noninterference security for a deterministic state machine with outputs requires to consider the outputs produced by machine actions after any trace, i.e. any indefinitely long sequence of actions, of the machine. In order to render the verification of the security of such a machine more straightforward, there is a need of some sufficient condition for security such ...