Security models and information flow

A theory of information flow is developed that differs from that of nondeducibility, which is seen to be a theory of information sharing. The theory is used to develop a flow-based security model (FM) and to show that the proper treatment of security-relevant causal factors in such a framework is very tricky. Using FM as a standard for comparison, an examination is made of noninterference, generalized noninterference, and extensions to noninterference designed to protect high-level output, and it is seen that the proper treatment of causal factors in such models requires programs to be considered as explicit input to systems. This gives a new perspective on security levels. The model of D.E. Bell and L.J. LaPadula (1973), on the other hand, more successfully models security-relevant causal information, although this success is bought at the expense of the model being vague about its primitives. This vagueness is examined with respect to the claim that the Bell-LaPadula model and noninterference are equivalent.
