Reasoning about confidentiality requirements

Reflexive flow policies provide abstract characterizations of certain multilevel confidentiality requirements. This paper describes how reflexive flow policies can be used to construct and reason about large/complex multilevel policies. In particular, we describe how reflexive policies can be used to develop and reason about security policies for multilevel relational databases. Our approach facilitates a study of the relationship between security policy design and database design.
