Compatibility of Safety Properties and Possibilistic Information Flow Security in MAKS
Authors
Abstract
Motivated by typical security requirements of workflow management systems, we consider the integrated verification of both safety properties (e.g. separation of duty) and information flow security predicates of the MAKS framework (e.g. modeling confidentiality requirements). Due to the refinement paradox, enforcement of safety properties might violate possibilistic information flow properties of a system. We present an approach where sufficient conditions for the compatibility of safety properties and information flow security are derived by performing an information flow analysis of a monitor enforcing the safety property and applying existing compositionality results for MAKS security predicates. These conditions then guarantee that the composition of a target system with the monitor satisfies both kinds of properties. We illustrate our approach by deriving sufficient conditions for the security-preserving enforcement of separation of duty and ordered message delivery in an asynchronous communication platform.
Similar references
Possibilistic Information Flow Control in MAKS and Action Refinement
Formal methods emphasizes the need for a top-down approach when developing large reliable software systems. Refinements are used to map step by step abstract algebraic specifications to executable specifications. Action refinements are used to add detailed design information to abstract actions. Information flow control is used to specify and verify the admissible flow of confidential informati...
Possibilistic Information Flow Control
Distributed systems make increasing use of encrypted channels to enable confidential communication. While non-interference provides suitable means to investigate the flow of information within distributed systems, it has proved to be rather difficult to capture the notion of encrypted channels in such a framework. In this paper, we extend the framework MAKS for possibilistic information flow in...
A General Theory of Security Properties
This paper presents a general theory of possibilistic security properties. We show that we can express a security property as a predicate that is true of every set containing all the traces with the same low level event sequence. Given this security predicate, we show how to construct a partial ordering of security properties. We also discuss information flow and present the weakest property su...
Possibilistic Information Flow Control for Workflow Management Systems
In workflows and business processes, there are often security requirements on both the data, i.e. confidentiality and integrity, and the process, e.g. separation of duty. Graphical notations exist for specifying both workflows and associated security requirements. We present an approach for formally verifying that a workflow satisfies such security requirements. For this purpose, we define the ...
A Decentralized Online Sortition Protocol
We propose a new online sortition protocol which is decentralized. We argue that our protocol has safety, fairness, randomness, non-repudiation and openness properties. Sortition is a process that makes a random decision, and it is used in competitions and lotteries to determine who is the winner. In the real world, sortition is simply done using a lottery machine and all the participa...