A logic of composition for information flow predicates

Information flow predicates are properties of sets of traces and therefore cannot be handled under the Alpern-Schneider framework or the Abadi-Lamport Composition Principle, both of which treat a property as a set of individual traces. McLean (1994) proposed a theory for investigating the composition properties of these predicates and derived a partial order on them. In this paper we present an alternative framework, based on many-sorted predicate logic, for specifying information flow properties, and show that it supports reasoning about the composition of such properties in a form amenable to automated theorem proving.
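The following added example (not code from the paper) illustrates the first claim of the abstract: an information flow predicate quantifies over pairs of traces, so it is a condition on a trace set, whereas an Alpern-Schneider style property is satisfied by a system exactly when every one of its traces satisfies it. The predicate `noninterfering`, the two constructed systems `SECURE` and `LEAKY`, and the helper names are assumptions of this example, not definitions from the paper; the predicate is a deliberately simplified nondeducibility-style condition in the spirit of McLean's closure properties.

```python
# Added example, not from the paper. A trace is a tuple of (level, value)
# events, level 'H' for the high user and 'L' for the low observer; a system
# is a frozenset of traces.

def low_view(trace):
    """Events the low observer sees."""
    return tuple(v for lvl, v in trace if lvl == 'L')

def high_view(trace):
    """Events contributed by the high user."""
    return tuple(v for lvl, v in trace if lvl == 'H')

def noninterfering(system):
    """Simplified nondeducibility-style predicate (an assumption of this
    example, not the paper's definition): for every pair of traces t1, t2 in
    the system there is a trace whose high view is that of t1 and whose low
    view is that of t2, so the low view never reveals which high view
    occurred. The quantifier ranges over pairs of traces, which makes this a
    condition on the set rather than on any single trace."""
    views = {(high_view(t), low_view(t)) for t in system}
    return all((high_view(t1), low_view(t2)) in views
               for t1 in system for t2 in system)

def trace_property(pred):
    """Alpern-Schneider style property: a set of traces, satisfied by a system
    iff every trace of the system lies in it. Any such property is therefore
    inherited by every subset of a satisfying system."""
    return lambda system: all(pred(t) for t in system)

# Constructed systems with two-event traces: the high user inputs 0 or 1,
# then the low observer sees 'a' or 'b'.
SECURE = frozenset({
    (('H', 0), ('L', 'a')), (('H', 0), ('L', 'b')),
    (('H', 1), ('L', 'a')), (('H', 1), ('L', 'b')),
})
# Same events, but now the low output reveals the high input.
LEAKY = frozenset({(('H', 0), ('L', 'a')), (('H', 1), ('L', 'b'))})

def not_a_trace_property(secure, leaky):
    """True when the pair witnesses that the predicate is not a trace
    property: leaky is a subset of secure, so every trace property that
    secure satisfies is also satisfied by leaky, yet the information flow
    predicate holds for secure and fails for leaky."""
    return (leaky <= secure
            and noninterfering(secure)
            and not noninterfering(leaky))

def demo():
    # A genuine trace property for contrast: no trace contains the value 'c'.
    never_c = trace_property(lambda t: all(v != 'c' for _, v in t))
    return {
        "secure_ni": noninterfering(SECURE),      # True
        "leaky_ni": noninterfering(LEAKY),        # False
        "secure_never_c": never_c(SECURE),        # True
        "leaky_never_c": never_c(LEAKY),          # True, inherited by the subset
        "witness": not_a_trace_property(SECURE, LEAKY),  # True
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The subset argument in `not_a_trace_property` is the whole point: `LEAKY` contains only traces that also occur in `SECURE`, so no predicate evaluated trace by trace can accept `SECURE` and reject `LEAKY`, which is why information flow predicates need a framework that speaks about the trace set as a whole.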

[1] Bowen Alpern and Fred B. Schneider. Defining Liveness. Information Processing Letters, 1984.

[2] Daryl McCullough et al. Specifications for Multi-Level Security and a Hook-Up. 1987 IEEE Symposium on Security and Privacy, 1987.

[3] Joseph A. Goguen and José Meseguer. Security Policies and Security Models. 1982 IEEE Symposium on Security and Privacy, 1982.

[4] John Rushby et al. User Guide for the PVS Specification and Verification System (Beta Release). 1991.

[5] John McLean et al. A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions. Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy, 1994.

[6] William A. Wulf et al. Formal Specification of Information Flow Security Policies and Their Enforcement in Security Critical Systems. Proceedings of the Computer Security Foundations Workshop VII, 1994.

[7] Lawrence Snyder et al. Formal Models of Capability-Based Protection Systems. IEEE Transactions on Computers, 1981.

[8] William A. Wulf et al. Specification and Verification of Security Policies. 1996.

[9] Martín Abadi and Leslie Lamport. Composing Specifications. REX Workshop, 1989.