A lattice model of secure information flow

This paper investigates mechanisms that guarantee secure information flow in a computer system. These mechanisms are examined within a mathematical framework suitable for formulating the requirements of secure information flow among security classes. The central component of the model is a lattice structure derived from the security classes and justified by the semantics of information flow. The lattice properties permit concise formulations of the security requirements of different existing systems and facilitate the construction of mechanisms that enforce security. The model provides a unifying view of all systems that restrict information flow, enables a classification of them according to security objectives, and suggests some new approaches. It also leads to the construction of automatic program certification mechanisms for verifying the secure flow of information through a program.
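The following is an added example, not code from the paper, that makes the abstract's central idea concrete: security classes arranged as a lattice under a "may flow to" relation, a join operator giving the least upper bound, and a certification pass that accepts an assignment only when the join of its sources (including the guards of any enclosing conditionals, which carry implicit flows) may flow to the target's class. It assumes the familiar (level, set of categories) form of security class; the level and category names, the variable binding and the toy program are constructed for illustration.

```python
"""Added example (not from the paper): a finite security-class lattice in the
style of Denning's lattice model, plus a certification pass over a toy program.
Level and category names below are constructed for illustration."""
from __future__ import annotations
from dataclasses import dataclass
from functools import reduce
from itertools import chain, combinations
from typing import FrozenSet, Iterable, List

# Constructed total order on sensitivity levels; the index gives the rank.
LEVELS = ("unclassified", "confidential", "secret")


@dataclass(frozen=True)
class SecurityClass:
    """A class is a (level, set of categories) pair (assumed structure)."""
    level: str
    categories: FrozenSet[str]

    def can_flow_to(self, other: SecurityClass) -> bool:
        """The flow relation: self -> other iff level and categories both dominate."""
        return (LEVELS.index(self.level) <= LEVELS.index(other.level)
                and self.categories <= other.categories)

    def join(self, other: SecurityClass) -> SecurityClass:
        """Least upper bound: the lowest class that both inputs may flow to."""
        return SecurityClass(max(self.level, other.level, key=LEVELS.index),
                             self.categories | other.categories)

    def meet(self, other: SecurityClass) -> SecurityClass:
        """Greatest lower bound: the highest class that may flow to both inputs."""
        return SecurityClass(min(self.level, other.level, key=LEVELS.index),
                             self.categories & other.categories)


BOTTOM = SecurityClass(LEVELS[0], frozenset())  # public data; may flow anywhere


def join_all(classes: Iterable[SecurityClass]) -> SecurityClass:
    return reduce(SecurityClass.join, classes, BOTTOM)


def verify_lattice(universe: List[SecurityClass]) -> bool:
    """Check that join is the *least* upper bound and meet the *greatest* lower
    bound within the universe, i.e. that these classes really form a lattice."""
    for a, b in combinations(universe, 2):
        j, m = a.join(b), a.meet(b)
        if j not in universe or m not in universe:
            return False
        for u in universe:
            if a.can_flow_to(u) and b.can_flow_to(u) and not j.can_flow_to(u):
                return False
            if u.can_flow_to(a) and u.can_flow_to(b) and not u.can_flow_to(m):
                return False
    return True


def certify(program, binding, context=BOTTOM) -> List[str]:
    """Certification: an assignment is secure iff the join of its sources and of
    the guards enclosing it may flow to the target. Statements are
    ("assign", target, [sources]) or ("if", [guards], [body]). Returns the
    insecure assignments found (empty list means the program is certified)."""
    violations = []
    for stmt in program:
        if stmt[0] == "assign":
            _, target, sources = stmt
            src = join_all(binding[v] for v in sources).join(context)
            if not src.can_flow_to(binding[target]):
                violations.append(f"{target} := f({', '.join(sources)})")
        elif stmt[0] == "if":
            _, guards, body = stmt
            # Implicit flow: anything assigned inside the branch learns the guard.
            inner = context.join(join_all(binding[g] for g in guards))
            violations.extend(certify(body, binding, inner))
        else:
            raise ValueError(f"unknown statement {stmt!r}")
    return violations


# Constructed universe: every (level, subset of {finance, personnel}) pair.
CATEGORIES = ("finance", "personnel")
UNIVERSE = [SecurityClass(lv, frozenset(c)) for lv in LEVELS
            for c in chain.from_iterable(combinations(CATEGORIES, n)
                                         for n in range(len(CATEGORIES) + 1))]

# Constructed variable-to-class binding and toy program.
BINDING = {
    "pub": BOTTOM,
    "pay": SecurityClass("confidential", frozenset({"finance"})),
    "hr": SecurityClass("confidential", frozenset({"personnel"})),
    "both": SecurityClass("secret", frozenset({"finance", "personnel"})),
}
PROGRAM = [
    ("assign", "both", ["pay", "hr"]),             # ok: the join flows upward
    ("assign", "pub", ["pay"]),                    # explicit downward flow
    ("if", ["hr"], [("assign", "pay", ["pub"])]),  # implicit flow of hr into pay
    ("if", ["pub"], [("assign", "pay", ["pub"])]), # ok: guard is public
]

if __name__ == "__main__":
    print("classes form a lattice:", verify_lattice(UNIVERSE))
    for v in certify(PROGRAM, BINDING):
        print("insecure flow:", v)
```

The certification pass never executes the program; it works purely from the static binding of variables to classes, which is what lets it reject the third statement even though that branch copies only public data. The leak there is the guard itself: after the branch runs, the value of `pay` reveals something about `hr`, so the guard's class must be joined into every assignment it dominates.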
