Intransitive noninterference in nondeterministic systems
Kai Engelhardt, Ron van der Meyden, Chenyi Zhang +2 more
- 16 Oct 2012
- pp. 869-880
TL;DR: This paper addresses the question of how TA-security, a semantics for intransitive information-flow policies in deterministic systems, can be generalized to nondeterministic systems and shows that on a specific class of systems, access control systems with local non-determinism, the strongest definition can be verified by checking a simple static property.
Abstract: This paper addresses the question of how TA-security, a semantics for intransitive information-flow policies in deterministic systems, can be generalized to nondeterministic systems. Various definitions are proposed, including definitions that state that the system enforces as much of the policy as possible in the context of attacks in which groups of agents collude by sharing information through channels that lie outside the system. Relationships between the various definitions proposed are characterized, and an unwinding-based proof technique is developed. Finally, it is shown that on a specific class of systems, access control systems with local non-determinism, the strongest definition can be verified by checking a simple static property.
Figures
- Figure 1: Architecture for a MILS system.
- Figure 3: A machine that is COR but not P-COR.
- Figure 4: An insecure system that satisfies MCOR.
- Figure 6: A system that is RCnTA but not PCnTA.
- Figure 8: A system that is P-nTA and P-PCnTA but not PRCnTA.
- Figure 10: Access Control within machine M1. A bidirectional arrow u ↔ d between a domain u and a data object d denotes d ∈ observe(u) ∩ alter(u), whereas a unidirectional arrow u → d denotes d ∈ alter(u).
Citations
• Journal Article
Collaborative Verification of Information Flow for a High-Assurance App Store.
TL;DR: In this paper, the authors propose a verification model for use in app stores to guarantee that the apps are free of malicious information flows, where the software vendor and the app store auditor collaborate, and each does tasks that are easy for her/him.
Formal API specification of the PikeOS separation kernel
Freek Verbeek, Oto Havle, Julien Schmaltz, Sergey Tverdyshev, Holger Blasum, Bruno Langenstein, Werner Stephan, Burkhart Wolff, Yakoub Nemouchi +9 more
- 27 Apr 2015
TL;DR: This work formalized the hardware independent security-relevant part of PikeOS that is to be used in a certification context and presents the model and the methodology used to create the model, and proves intransitive noninterference.
Dynamic intransitive noninterference revisited
TL;DR: Two semantic interpretations of dynamic information flow security policies in an automaton-based model are developed, both of which generalize the notion of TA-security for static intransitive noninterference policies.
• Posted Content
Complexity and Unwinding for Intransitive Noninterference.
TL;DR: The most important ingredients in the proofs of the PTIME upper bounds are new characterizations of the respective security notions, which lead to new unwinding proof techniques that are shown to be sound and complete for these notions of security, and enable the algorithms to return simple counter-examples demonstrating insecurity.
Games and strategies in analysis of security properties
Masoud Tabatabaei
- 24 Oct 2016
TL;DR: It is shown that the security of a system can be seen as an interplay between functionality requirements and the strategies adopted by users, and based on this a weaker notion of noninterference is proposed, which is called strategic noninterference.