A communication policy is a specification for permitted communication among system agents. A system exhibits noninterference with respect to a policy if every agent is insensitive to the presence of agents with which it may not communicate. A communication policy specifies the presence or absence of communication between agents, but it does not specify how permitted communication may occur. In this paper we present a refinement of a communication policy, which we call a connection policy. A connection policy specifies the channels along which permitted communication may occur. A system observes controlled interference when its connection policy is satisfied. When a connection policy is consistent with a communication policy, controlled interference guarantees noninterference. We discuss Rushby's notion of separation in light of controlled interference, and briefly relate controlled interference to type enforcement. The formalization of the controlled interference theory is built upon the state-based formulation of noninterference previously developed by two of the authors. A theme of this paper is that a state-based approach to these issues is simple and useful.