Multilevel Security and Quality of Protection

Constraining how information may flow within a system is at the heart of many protection mechanisms, and many security policies have direct interpretations in terms of information flow and multilevel-security-style controls. However, while conceptually simple, multilevel security controls have been difficult to achieve in practice. In this paper we explore how the traditional assurance measures used in the network multilevel security model can be re-interpreted and generalised to provide the basis of a framework for reasoning about the quality of protection provided by a secure system configuration.
