A general theory of security properties

We present a general theory of possibilistic security properties. We show that a security property can be expressed as a predicate that is true of every set containing all the traces with the same low-level event sequence. Given this security predicate, we show how to construct a partial ordering of security properties. We also discuss information flow and present the weakest property such that no information can flow from high-level users to low-level users. Finally, we present a comparison of our framework and McLean's (1994) Selective Interleaving Functions framework.
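As an added illustration (not code from the paper), the construction the abstract describes: a system's trace set is partitioned into low-level equivalence sets (all traces sharing one low-level event sequence), and a security property is a predicate evaluated on each such set. The low-level alphabet, the sample systems, the `high_indep` predicate and the finite `at_least_as_strong` check are constructed here; noninference is O'Halloran's well-known property, cited as [7], and is used because the abstract names no specific predicate.

```python
from typing import Callable, Dict, FrozenSet, Iterable, Tuple

Trace = Tuple[str, ...]
TraceSet = FrozenSet[Trace]
Predicate = Callable[[TraceSet, TraceSet], bool]   # (one LLES, whole system) -> bool
LOW = {"lo_in", "lo_out"}   # constructed low-level alphabet; every other event is high-level

def low_view(t: Trace) -> Trace:
    """What a low-level user observes: the low-level events of t, in order."""
    return tuple(e for e in t if e in LOW)

def high_view(t: Trace) -> Trace:
    return tuple(e for e in t if e not in LOW)

def lles(traces: TraceSet) -> Dict[Trace, TraceSet]:
    """Low-level equivalence sets: group the system's traces by their low-level view."""
    classes: Dict[Trace, set] = {}
    for t in traces:
        classes.setdefault(low_view(t), set()).add(t)
    return {k: frozenset(v) for k, v in classes.items()}

def satisfies(traces: TraceSet, prop: Predicate) -> bool:
    """A security property holds of a system iff its predicate is true of every LLES."""
    return all(prop(cls, traces) for cls in lles(traces).values())

def noninference(cls: TraceSet, traces: TraceSet) -> bool:
    """Noninference [7]: purging all high-level events from any trace leaves a trace.
    As an LLES predicate: the class's shared low-level sequence is itself a trace."""
    return low_view(next(iter(cls))) in traces

def high_indep(cls: TraceSet, traces: TraceSet) -> bool:
    """Constructed, stronger predicate: every high-level behaviour the system admits
    must be possible inside every LLES, so a low view rules out no high behaviour."""
    return {high_view(t) for t in cls} == {high_view(t) for t in traces}

def at_least_as_strong(p1: Predicate, p2: Predicate, systems: Iterable[TraceSet]) -> bool:
    """Finite check of the ordering: p1 is at least as strong as p2 over the given
    sample systems if every system satisfying p1 also satisfies p2."""
    return all(satisfies(s, p2) for s in systems if satisfies(s, p1))

# Constructed prefix-closed systems (trace sets over the events hi and lo_out).
# LEAKY: lo_out can only follow hi, so a low user seeing lo_out learns that hi occurred.
LEAKY = frozenset({(), ("hi",), ("hi", "lo_out")})
# SAFE: lo_out is possible with or without hi, in either order.
SAFE = frozenset({(), ("hi",), ("lo_out",), ("hi", "lo_out"), ("lo_out", "hi")})
# SUBTLE: passes noninference, yet seeing lo_out tells a low user hi did not happen twice.
SUBTLE = frozenset({(), ("hi",), ("hi", "hi"), ("lo_out",), ("hi", "lo_out")})
```

Over these three systems `high_indep` is strictly stronger than noninference: SUBTLE separates them, which is the kind of gap the ordering in the paper is meant to make explicit.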

[1] C. A. R. Hoare et al., Communicating Sequential Processes (Reprint), Commun. ACM, 1983.

[2] E. Stewart Lee et al., How and why feedback composition fails [secure systems], Proceedings 9th IEEE Computer Security Foundations Workshop, 1996.

[3] Robin Milner et al., Communication and Concurrency, PHI Series in Computer Science, 1989.

[4] John McLean et al., A general theory of composition for trace sets closed under selective interleaving functions, Proceedings of the 1994 IEEE Computer Society Symposium on Research in Security and Privacy, 1994.

[5] Riccardo Focardi et al., Comparing two information flow security properties, Proceedings 9th IEEE Computer Security Foundations Workshop, 1996.

[6] Simon N. Foley et al., A Universal Theory of Information Flow, 1987 IEEE Symposium on Security and Privacy, 1987.

[7] Colin O'Halloran et al., A Calculus of Information Flow, ESORICS, 1990.

[8] Daryl McCullough et al., Specifications for Multi-Level Security and a Hook-Up, 1987 IEEE Symposium on Security and Privacy, 1987.

[9] J. Meseguer et al., Security Policies and Security Models, 1982 IEEE Symposium on Security and Privacy, 1982.

[10] Aris Zakinthinos et al., On the composition of security properties, 1997.

[11] Joshua D. Guttman et al., What Needs Securing, CSFW, 1988.

[12] F. Javier Thayer et al., Security and the Composition of Machines, CSFW, 1988.

[13] Jeremy L. Jacob et al., Security specifications, Proceedings 1988 IEEE Symposium on Security and Privacy, 1988.

[14] Roberto Gorrieri et al., A taxonomy of trace-based security properties for CCS, Proceedings of the Computer Security Foundations Workshop VII, 1994.

[15] A. Zakinthinos et al., How and Why Feedback Composition Fails, 1996.

[16] Bowen Alpern et al., Defining Liveness, Inf. Process. Lett., 1984.

[17] John McLean et al., A General Theory of Composition for a Class of "Possibilistic" Properties, IEEE Trans. Software Eng., 1996.

[18] Daryl McCullough et al., Noninterference and the composability of security properties, Proceedings 1988 IEEE Symposium on Security and Privacy, 1988.

[19] M. F. et al., Bibliography, Experimental Gerontology, 1985.

[20] José Meseguer et al., Unwinding and Inference Control, 1984 IEEE Symposium on Security and Privacy, 1984.

[21] Martín Abadi et al., Composing Specifications, REX Workshop, 1989.