Towards Using Possibilistic Information Flow Control
Authors
Abstract
We show how security requirements, in particular confidentiality requirements, for a whole multiagent system can be formally decomposed into confidentiality requirements on the individual agents. The decomposition assumes that there is some control over, or trust in, a subset of the agents and that the platform is trusted to satisfy certain reasonable assumptions. It is generic over the internal execution model of the agents. The decomposition is carried out in full detail for one specific class of confidentiality requirements, yielding a theorem that can be applied directly to derive confidentiality requirements for single agents from the overall requirement. Similar decompositions for other global requirements, or under slightly different assumptions about the platform, can be carried out along the same lines. For expressing security requirements we use an existing framework for possibilistic information flow control, profiting from, e.g., the framework's available composition results. Because the decomposition is carried out formally and rests on a well-studied framework, it is fully rigorous and the resulting property of the overall system is well understood.
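The abstract refers to possibilistic information flow control and to composition results without spelling out what a possibilistic requirement looks like. The following is an added illustration, not code or a theorem from the paper: it models an agent as a prefix-closed set of finite event traces, splits events into visible (V), confidential (C) and neutral events as a view, and checks a simplified "removal of confidential events" condition, namely that every possible trace has an observationally equivalent possible trace containing no confidential event. It also composes two agents by synchronised trace-based parallel composition so that the check can be run on a whole system as well as on each agent. The agents LEAKY, SAFE and RELAY, their events and the function names are all constructed for the example; the paper's actual decomposition theorem and the exact basic security predicates of the framework are not reproduced here.

```python
"""
Added example (not from the paper): a possibilistic information flow
check over finite trace sets, plus trace-based parallel composition.

Simplified conventions used here:
  * an agent is a prefix-closed set of finite event traces (tuples);
  * a view splits events into V (visible to the observer), C
    (confidential) and N (everything else);
  * the "removal" condition: for every trace tau there is a possible
    trace tau' with no C-events whose V-projection equals that of tau.
    If no such tau' exists, the observer can deduce from what it sees
    that a confidential event must have happened.
"""
from itertools import product


def project(trace, events):
    """Keep only the events of `trace` that belong to `events`, in order."""
    return tuple(e for e in trace if e in events)


def prefix_closure(traces):
    """Every prefix of a possible trace is itself possible."""
    return {t[:i] for t in traces for i in range(len(t) + 1)}


def removal_holds(traces, V, C):
    """Return (True, None) if the condition holds, else (False, offending trace)."""
    for tau in traces:
        target = project(tau, V)
        if not any(project(t, C) == () and project(t, V) == target for t in traces):
            return False, tau
    return True, None


def compose(tr1, E1, tr2, E2):
    """Synchronised parallel composition of two agents.

    A trace over E1 | E2 is possible iff its projection onto each
    agent's alphabet is possible for that agent; shared events are
    therefore taken jointly.  Every composed trace is at most as long
    as the two longest component traces together, so enumeration up
    to that bound is exhaustive.
    """
    alphabet = sorted(E1 | E2)
    bound = max(len(t) for t in tr1) + max(len(t) for t in tr2)
    result = set()
    for n in range(bound + 1):
        for t in product(alphabet, repeat=n):
            if project(t, E1) in tr1 and project(t, E2) in tr2:
                result.add(t)
    return result


# Constructed agents.  LEAKY raises the visible `alert` only after it has
# received the confidential `secret`; SAFE may raise `alert` whether or
# not `secret` occurred.
E_A = {"secret", "alert"}
LEAKY = prefix_closure({("secret", "alert")})
SAFE = prefix_closure({("secret", "alert"), ("alert", "secret")})

# RELAY hears `alert` and echoes it as `alert2`.  It shares `alert` with
# the first agent, so that event synchronises in the composition.
E_B = {"alert", "alert2"}
RELAY = prefix_closure({("alert", "alert2")})

V = {"alert", "alert2"}   # what the observer sees
C = {"secret"}            # what must stay hidden


def check_agents():
    """Per-agent and whole-system results, keyed by scenario name."""
    return {
        "leaky_alone": removal_holds(LEAKY, V, C),
        "safe_alone": removal_holds(SAFE, V, C),
        "leaky_with_relay": removal_holds(compose(LEAKY, E_A, RELAY, E_B), V, C),
        "safe_with_relay": removal_holds(compose(SAFE, E_A, RELAY, E_B), V, C),
    }


if __name__ == "__main__":
    for name, (ok, witness) in check_agents().items():
        print(f"{name}: {'holds' if ok else 'violated by ' + str(witness)}")
```

Running it shows the per-agent requirement doing its job: LEAKY is rejected on its own (the trace `(secret, alert)` has no secret-free counterpart with the same observation) and the violation survives composition with RELAY, whereas SAFE satisfies the condition both alone and in the composed system. The example only illustrates the shape of such requirements; which per-agent conditions actually suffice for a given global requirement, and under which platform assumptions, is exactly what the paper's decomposition theorem settles.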
Similar sources
Possibilistic Information Flow Control
Distributed systems make increasing use of encrypted channels to enable confidential communication. While non-interference provides suitable means to investigate the flow of information within distributed systems, it has proved to be rather difficult to capture the notion of encrypted channels in such a framework. In this paper, we extend the framework MAKS for possibilistic information flow in...
Possibilistic Information Flow Control in MAKS and Action Refinement
Formal methods emphasizes the need for a top-down approach when developing large reliable software systems. Refinements are used to map step by step abstract algebraic specifications to executable specifications. Action refinements are used to add detailed design information to abstract actions. Information flow control is used to specify and verify the admissible flow of confidential informati...
Possibilistic Information Flow Control for Workflow Management Systems
In workflows and business processes, there are often security requirements on both the data, i.e. confidentiality and integrity, and the process, e.g. separation of duty. Graphical notations exist for specifying both workflows and associated security requirements. We present an approach for formally verifying that a workflow satisfies such security requirements. For this purpose, we define the ...
Flow Line Systems with Possibilistic Data: a System with Waiting Time in Line Uncertain
This paper proposes to analyze two flow line systems in which we include possibilistic data (the priority discipline is possibilistic instead of probabilistic) and measure the performances of the systems with the effectiveness measure "waiting time in queue". In a previous work we have analyzed and developed a queuing model with uncertain priority discipline, using Zadeh's extension principle. Be...
Towards a Possibilistic Logic
In this paper, we investigate how linguistic information can be incorporated into classical propositional logic. First, we show that Zadeh’s extension principle can be justified and at the same time generalized by considerations about transformation of possibility measures. Using these results, we show how linguistic uncertainty about the truth value of a proposition leads to the introduction o...