An algorithmic approach to verification of intransitive non-interference in security policies

In this paper, we generalize the algorithmic approach to verifying the property of intransitive non-interference (INI) with tools and concepts from discrete event systems (DES) that we first proposed in Hadj-Alouane, N., et al. (2004). We are interested in INI because it can be used to solve several important security problems in systems and protocols. We have shown that the notion of iP-observability captures precisely the property of INI. In Hadj-Alouane, N., et al. (2004), we developed algorithms that check iP-observability indirectly, by checking P-observability; this indirect method works only for systems with at most three security levels. In this paper, we develop a direct method for checking iP-observability, based on the observation that iP-purge is a left-congruence in terms of relations on formal languages. This direct method can be used for systems with more than three security levels. To demonstrate the application of our approach, in the full version of this paper we propose a formal method, based on INI, for detecting denial of service vulnerabilities in security protocols. This method is illustrated using the TCP/IP protocol.

[1] J. Thomas Haigh et al. Extending the Noninterference Version of MLS, 1987.

[2] Nejib Ben Hadj-Alouane et al. Characterizing Intransitive Non-Interference in Security Policies with Observability, 2004.

[3] John Mullins et al. Bisimulation-based Non-deterministic Admissible Interference and its Application to the Analysis of Cryptographic Protocols, 2002, Electron. Notes Theor. Comput. Sci.

[4] John Mullins et al. Using Admissible Interference to Detect Denial of Service Vulnerabilities, 2003, IWFM.

[5] Beno Benhabib et al. Manufacturing cell supervisory control: a timed discrete event system approach, 1992, Proceedings of the 1992 IEEE International Conference on Robotics and Automation.

[6] Beno Benhabib et al. Manufacturing cell supervisory control: a modular timed discrete-event system approach, 1993, Proceedings of the 1993 IEEE International Conference on Robotics and Automation.

[7] John McLean et al. A General Theory of Composition for a Class of "Possibilistic" Properties, 1996, IEEE Trans. Software Eng.

[8] Peter Y. A. Ryan et al. Process algebra and non-interference, 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[9] J. Meseguer et al. Security Policies and Security Models, 1982, 1982 IEEE Symposium on Security and Privacy.

[10] Roberto Gorrieri et al. Message Authentication through Non Interference, 2000, AMAST.

[11] Nejib Ben Hadj-Alouane et al. Characterizing intransitive noninterference for 3-domain security policies with observability, 2005, IEEE Transactions on Automatic Control.

[12] John Mullins et al. An Information Flow Method to Detect Denial of Service Vulnerabilities, 2003, J. Univers. Comput. Sci.

[13] Stéphane Lafortune. Modeling and analysis of transaction execution in database systems, 1988.

[14] John Rushby et al. Noninterference, Transitivity, and Channel-Control Security Policies, 2005.

[15] Roberto Gorrieri et al. Secrecy in Security Protocols as Non Interference, 1999, Workshop on Secure Architectures and Information Flow.

[16] Jeffrey D. Ullman et al. Introduction to Automata Theory, Languages and Computation, 1979.

[17] W. M. Wonham et al. Protocol verification using discrete-event systems, 1992, Proceedings of the 31st IEEE Conference on Decision and Control.

[18] Markus G. Kuhn et al. Analysis of a denial of service attack on TCP, 1997, Proceedings of the 1997 IEEE Symposium on Security and Privacy.

[19] Catherine A. Meadows et al. A Cost-Based Framework for Analysis of Denial of Service Networks, 2001, J. Comput. Secur.

[20] P. Ramadge et al. Supervisory control of a class of discrete event processes, 1987.

[21] A. W. Roscoe et al. What is intransitive noninterference?, 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[22] Steve A. Schneider. Verifying Authentication Protocols in CSP, 1998, IEEE Trans. Software Eng.

[23] Rocco De Nicola et al. Proof techniques for cryptographic processes, 1999, Proceedings of the 14th Symposium on Logic in Computer Science.

[24] John Mullins. Nondeterministic Admissible Interference, 2000, J. Univers. Comput. Sci.

[25] Martín Abadi et al. A calculus for cryptographic protocols: the spi calculus, 1997, CCS '97.

[26] Catherine A. Meadows. Open Issues in Formal Methods for Cryptographic Protocol Analysis, 2001, MMM-ACNS.

[27] Walter Murray Wonham et al. On observability of discrete-event systems, 1988, Inf. Sci.

[28] R. et al. A Classification of Security Properties for Process Algebras, 1994.

[29] Jeffrey D. Ullman et al. Introduction to automata theory, languages, and computation, 2nd edition, 2001, SIGA.

[30] D. Elliott Bell et al. Secure Computer System: Unified Exposition and Multics Interpretation, 1976.

[31] José Meseguer et al. Unwinding and Inference Control, 1984, 1984 IEEE Symposium on Security and Privacy.