A general theory of composition for trace sets closed under selective interleaving functions

This paper presents a general theory of system composition for "possibilistic" security properties. We see that these properties fall outside of the Alpern-Schneider safety/liveness domain and hence are not subject to the Abadi-Lamport composition principle. We then introduce a set of trace constructors called selective interleaving functions and show that possibilistic security properties are closure properties with respect to different classes of selective interleaving functions. This provides a uniform framework for analyzing these properties and allows us to construct a partial ordering for them. We present a number of composition constructs, show the extent to which each preserves closure with respect to different classes of selective interleaving functions, and show that they are sufficient for forming the general hook-up construction. We see that although closure under a class of selective interleaving functions is generally preserved by product and cascading, it is not generally preserved by feedback, internal system composition constructs, or refinement. We examine the reason for this.
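The following is an added illustration of the abstract's central idea, not code or definitions from the paper: a possibilistic security property is a closure condition on a set of traces, where the closure is taken under a selective interleaving function that builds a new trace from pieces of two existing ones. The model is deliberately simplified and is an assumption of this example: events are (level, kind, value) triples, the one SIF type modelled takes the high events of its first argument and the low events of its second in any order-preserving interleaving, and a trace set counts as closed when, for every pair of its traces, at least one such interleaving is again in the set. The two sample systems (SECURE, LEAKY) and the product construct are constructed here for the demonstration; the product check illustrates the abstract's claim that product composition preserves closure, while a leaking component breaks it.

```python
"""Toy model of closure under a selective interleaving function (SIF).

Constructed example, not the paper's own definitions or code.  Assumed
simplifications: an event is (level, kind, value) with level "H"/"L" and
kind "in"/"out"; a trace is a tuple of events; a system is a finite set of
traces.  The one SIF type modelled takes the high events from its first
argument and the low events from its second, in any order-preserving
interleaving; a system is "closed" when for every pair of its traces at
least one such interleaving is again a trace of the system.
"""
from itertools import combinations

HIN0, HIN1 = ("H", "in", "0"), ("H", "in", "1")
LOUT0, LOUT1 = ("L", "out", "0"), ("L", "out", "1")


def interleavings(xs, ys):
    """All merges of xs and ys that keep the internal order of each."""
    n, m = len(xs), len(ys)
    result = set()
    for slots in combinations(range(n + m), n):
        taken, xi, yi, merged = set(slots), 0, 0, []
        for k in range(n + m):
            if k in taken:
                merged.append(xs[xi])
                xi += 1
            else:
                merged.append(ys[yi])
                yi += 1
        result.add(tuple(merged))
    return result


def sif_outputs(t1, t2):
    """Traces the modelled SIF type can build: high events of t1, low events of t2."""
    high = tuple(e for e in t1 if e[0] == "H")
    low = tuple(e for e in t2 if e[0] == "L")
    return interleavings(high, low)


def is_closed(system):
    """Return (True, None) if closed, else (False, witness_pair)."""
    for t1 in system:
        for t2 in system:
            if not (sif_outputs(t1, t2) & system):
                return False, (t1, t2)
    return True, None


def tag(trace, name):
    """Mark every event of a trace with the component it belongs to."""
    return tuple(e + (name,) for e in trace)


def product(sa, sb):
    """Product composition (assumed form): the components run independently,
    so every interleaving of one trace from each is a trace of the whole."""
    return {t for ta in sa for tb in sb
            for t in interleavings(tag(ta, "A"), tag(tb, "B"))}


# Constructed system 1: the low output is the constant 0 whatever High does.
SECURE = {
    (), (HIN0,), (HIN1,), (LOUT0,),
    (HIN0, LOUT0), (HIN1, LOUT0), (LOUT0, HIN0), (LOUT0, HIN1),
}

# Constructed system 2: the low output echoes the last high input (a leak).
LEAKY = {
    (), (HIN0,), (HIN1,), (LOUT0,),
    (HIN0, LOUT0), (HIN1, LOUT1),
}

if __name__ == "__main__":
    for name, system in [("SECURE", SECURE), ("LEAKY", LEAKY)]:
        ok, witness = is_closed(system)
        print(name, "closed" if ok else f"not closed, witness pair {witness}")
    print("SECURE x SECURE closed:", is_closed(product(SECURE, SECURE))[0])
    print("SECURE x LEAKY  closed:", is_closed(product(SECURE, LEAKY))[0])
```

The witness pair returned for LEAKY is the pair of traces for which no interleaving of one's high events with the other's low events exists in the system; for a leaking system this is exactly a pair whose low observations differ because of high activity, which is the information flow the closure condition is meant to exclude.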
