Abstract-We propose an algorithmic approach to verifying the property of intransitive noninterference (INI), using tools and concepts of discrete event systems (DES). INI can be used to characterize and solve several important security problems in multilevel security systems. In previous work, we established the notion of iP-observability, which precisely captures the property of INI, and developed an algorithm for checking iP-observability by indirectly checking P-observability for systems with at most three security levels. In this paper, we generalize the results to systems with any finite number of security levels by developing a direct method for checking iP-observability, based on the observation that the iP (intransitive purge) function is a left congruence on formal languages. To demonstrate the applicability of our approach, we propose a formal method, based on INI, for detecting denial of service vulnerabilities in security protocols; it is illustrated on the TCP/IP protocol. The work extends the theory of supervisory control of DES to a new application domain.
Index Terms-Denial of service, formal verification, information flow, interference, intransitive noninterference (INI), observability, purge, security policies.
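As an added illustration (this is not code from the paper, whose method decides INI through DES observability rather than trace enumeration), the Python script below implements Rushby's intransitive purge function over a constructed three-domain policy H ⇝ D ⇝ L, with no direct H ⇝ L flow, and checks INI on a small downgrader state machine by enumerating every trace up to a bound. A deliberately leaky variant shows what a violation looks like, and a final check confirms that two traces with the same purge still have the same purge after any action is prepended, which is the left-congruence-style property the abstract builds on. The domain names, action names, state machine and trace bound are all assumptions made for the example.

```python
"""Bounded check of intransitive noninterference (INI) using Rushby's ipurge.

Added example, not code from the Ben Hadj-Alouane et al. papers.  The
downgrader system, its action names and the trace bound are constructed
for illustration only.
"""
from itertools import product

# Security domains and the intransitive policy "u may interfere with v".
# H -> D and D -> L are allowed, but H -> L is not: high data may reach the
# low domain only by passing through the downgrader D.
DOMAINS = ("H", "D", "L")
POLICY = {("H", "D"), ("D", "L")}
# Each action belongs to exactly one domain (constructed action set).
DOM = {"h_write": "H", "d_declassify": "D"}


def flows(u, v):
    """True if domain u may interfere with domain v (the policy is reflexive)."""
    return u == v or (u, v) in POLICY


def ipurge(trace, u):
    """Rushby's intransitive purge: keep an action iff its domain may interfere,
    possibly through intermediaries occurring later in the trace, with u."""
    srcs = {u}
    kept = []
    # sources() is defined recursively from the end of the trace, so walk backwards.
    for a in reversed(trace):
        d = DOM[a]
        if any(flows(d, v) for v in srcs):
            srcs.add(d)
            kept.append(a)
    return tuple(reversed(kept))


def run(trace, leaky=False):
    """Execute a trace from the initial state and return each domain's observation."""
    high = low = 0
    for a in trace:
        if a == "h_write":
            high += 1          # H produces a fresh value
        elif a == "d_declassify":
            low = high         # D releases the current high value to L
    obs = {"H": high, "D": high, "L": low}
    if leaky:
        obs["L"] = (low, high)  # constructed bug: L can see the high buffer directly
    return obs


def ini_violations(max_len, leaky=False):
    """(trace, domain) pairs where u's view of trace differs from its view of ipurge(trace, u).

    An empty list means INI holds for all traces up to max_len actions."""
    bad = []
    for n in range(max_len + 1):
        for trace in product(DOM, repeat=n):
            for u in DOMAINS:
                if run(trace, leaky)[u] != run(ipurge(trace, u), leaky)[u]:
                    bad.append((trace, u))
    return bad


def same_purge_is_left_congruent(max_len):
    """Check that ipurge(s,u) == ipurge(t,u) implies ipurge(a+s,u) == ipurge(a+t,u)
    for every action a, over all traces up to max_len (bounded brute force)."""
    traces = [t for n in range(max_len + 1) for t in product(DOM, repeat=n)]
    for u in DOMAINS:
        for s, t in product(traces, repeat=2):
            if ipurge(s, u) == ipurge(t, u):
                for a in DOM:
                    if ipurge((a,) + s, u) != ipurge((a,) + t, u):
                        return False
    return True


if __name__ == "__main__":
    # The trailing h_write is invisible to L because no later D action relays it.
    print(ipurge(("h_write", "d_declassify", "h_write"), "L"))
    print("secure violations:", ini_violations(4))
    print("leaky violations:", ini_violations(4, leaky=True)[:3])
    print("left congruence:", same_purge_is_left_congruent(3))
```

The secure machine reports no violations because the only path from H to L's observation runs through `d_declassify`, exactly the flow the policy permits; the leaky variant fails already on the one-action trace `h_write` for domain L, since purging that action for L changes what L sees.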
Characterizing Intransitive Noninterference for 3-Domain Security Policies With Observability
Nejib Ben Hadj-Alouane, Stéphane Lafrance, Feng Lin, John Mullins, and Moez Yeddes
Abstract-This note introduces a new algorithmic approach to checking the property of intransitive noninterference (INI) using discrete-event systems (DES) tools and concepts. The INI property is widely used in the formal verification of security problems in computer systems and protocols. The approach has two phases. First, a new property called iP-observability (observability based on the intransitive purge function) is introduced to capture INI; we prove that a system satisfies INI if and only if it is iP-observable. Second, a relation between iP-observability and P-observability (observability as used in DES) is established by transforming the automaton modeling a system or protocol into an automaton on which P-observability (and hence iP-observability) can be determined. This allows INI to be checked by checking P-observability, which can be done efficiently. The approach applies to all systems and protocols with three domains or levels, which suffices for most noninterference problems in cryptographic protocols and systems.
This file has been downloaded from PolyPublie, the institutional repository of Polytechnique Montréal: http://publications.polymtl.ca