Characterizing intransitive noninterference for 3-domain security policies with observability

This note introduces a new algorithmic approach to checking the property of intransitive noninterference (INI) using discrete-event systems (DES) tools and concepts. The INI property is widely used in the formal verification of security properties of computer systems and protocols. The approach consists of two phases. First, a new property called iP-observability (observability based on a purge function) is introduced to capture INI; we prove that a system satisfies INI if and only if it is iP-observable. Second, a relation between iP-observability and P-observability (observability as used in DES) is established by transforming the automaton modeling a system or protocol into an automaton on which P-observability (and hence iP-observability) can be determined. This allows INI to be checked by checking P-observability, which can be done efficiently. Our approach applies to all systems and protocols with three domains or levels, which is sufficient for most noninterference problems for cryptographic protocols and systems.
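As an added, self-contained example that is not part of the paper (and that does not implement its iP-observability construction), the following Python script checks INI directly on a constructed three-domain system by brute force over bounded traces, using Rushby's intransitive purge function (ipurge). The policy (H may interfere with D, D with L, but H must not interfere with L directly), the action names, the state encoding and the per-domain observation function are all assumptions made for illustration.

```python
"""
Added example (not from the paper): a brute-force intransitive
noninterference (INI) check for a constructed three-domain system,
using Rushby's intransitive purge (ipurge). All names, the policy and
the toy system are assumptions made for illustration.
"""
from itertools import product

# Constructed 3-domain policy: H may interfere with D, D with L, every
# domain with itself, and H must NOT interfere with L directly.
DOMAINS = ("H", "D", "L")
INTERFERES = {("H", "H"), ("D", "D"), ("L", "L"), ("H", "D"), ("D", "L")}

# Each action belongs to exactly one domain (constructed action names).
DOM = {
    "h_set": "H",         # H writes its secret bit
    "d_declassify": "D",  # D copies H's bit into its own buffer
    "d_publish": "D",     # D releases its buffer to L
    "l_read": "L",        # L action with no effect on the state
    "l_peek": "L",        # INSECURE: L copies H's bit directly
}

def sources(alpha, u):
    """Rushby's sources(): domains that may influence u, directly or via
    later actions, in the action sequence alpha."""
    src = {u}
    for a in reversed(alpha):
        d = DOM[a]
        if any((d, v) in INTERFERES for v in src):
            src.add(d)
    return src

def ipurge(alpha, u):
    """Intransitive purge: keep an action only if its domain is a source
    for u in the suffix that starts at that action."""
    out = []
    for i, a in enumerate(alpha):
        if DOM[a] in sources(alpha[i:], u):
            out.append(a)
    return tuple(out)

INIT = (0, 0, 0)  # (h, d, l): H's secret bit, D's buffer, L's view

def step(state, action):
    """Deterministic transition function of the constructed system."""
    h, d, l = state
    if action == "h_set":
        return (1, d, l)
    if action == "d_declassify":
        return (h, h, l)
    if action == "d_publish":
        return (h, d, d)
    if action == "l_read":
        return state
    if action == "l_peek":
        return (h, d, h)
    raise ValueError(f"unknown action {action!r}")

def run(alpha):
    s = INIT
    for a in alpha:
        s = step(s, a)
    return s

def observe(state, u):
    """What domain u sees of a state: each domain sees only its own cell."""
    return state[DOMAINS.index(u)]

def check_ini(actions, max_len=4):
    """Exhaustively compare each trace with its purged version for every
    domain. Return the first violation as (trace, u, seen, expected),
    or None if INI holds for all traces up to max_len."""
    for n in range(max_len + 1):
        for alpha in product(actions, repeat=n):
            for u in DOMAINS:
                seen = observe(run(alpha), u)
                expected = observe(run(ipurge(alpha, u)), u)
                if seen != expected:
                    return (alpha, u, seen, expected)
    return None

SECURE = ("h_set", "d_declassify", "d_publish", "l_read")
INSECURE = SECURE + ("l_peek",)

if __name__ == "__main__":
    print("secure system:", check_ini(SECURE))      # None
    print("insecure system:", check_ini(INSECURE))  # (('h_set', 'l_peek'), 'L', 1, 0)
```

The secure action set routes every flow from H to L through D, so purging an H action that is not followed by a D action never changes what L sees. Adding `l_peek` creates a direct H-to-L path: after `h_set, l_peek`, L observes 1, but the purged trace `l_peek` leaves L at 0, which is exactly the mismatch the INI definition forbids. The exhaustive check is exponential in trace length, which is the practical reason for a reduction of the kind the abstract describes, where the question is turned into a P-observability check on a transformed automaton.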
