A Comparison of Semantic Models for Noninterference

Meyden, Ron van der; Zhang, Chenyi

doi:10.1007/978-3-540-75227-1_16

Cited by 13 publications

(19 citation statements)

References 20 publications

(23 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(See [12] for a comparison and a discussion of their relationships. )We work here with the state-observed machine model used by Rushby [2] In the definition of TA-secure, the operational model of information flow given by the function $ta$ permits a domain to trnsmit information that it may have, even if it has never observed anything from which it could deduce that information.…”

Section: Backgroundsmentioning

confidence: 99%

Analysis and Proofs of Properties in Intransitive Noninterference

Lv¹,

Li²,

Li³

et al. 2015

IJHIT

View full text Add to dashboard Cite

show abstract

Section: Backgroundsmentioning

confidence: 99%

Analysis and Proofs of Properties in Intransitive Noninterference

Lv¹,

Li²,

Li³

et al. 2015

IJHIT

View full text Add to dashboard Cite

show abstract

“…It is shown in [23] that, in the special case of deterministic systems, the lazy abstraction approach corresponds to the application of the purge function of NI to nondeterministic systems, and the mixed abstraction approach corresponds to a notion of security van der Meyden calls ITO-security: this differs from TA security in that it uses functions that are like tau, but which track information about observations as well as information about actions. Thus, both definitions differ from the TA-based definitions we have presented.…”

Section: Related Workmentioning

confidence: 99%

Intransitive noninterference in nondeterministic systems

Engelhardt

Meyden

Zhang

2012

Proceedings of the 2012 ACM Conference on Computer and Communications Security

Self Cite

View full text Add to dashboard Cite

This paper addresses the question of how TA-security, a semantics for intransitive information-flow policies in deterministic systems, can be generalized to nondeterministic systems. Various definitions are proposed, including definitions that state that the system enforces as much of the policy as possible in the context of attacks in which groups of agents collude by sharing information through channels that lie outside the system. Relationships between the various definitions proposed are characterized, and an unwindingbased proof technique is developed. Finally, it is shown that on a specific class of systems, access control systems with local nondeterminism, the strongest definition can be verified by checking a simple static property.

show abstract

“…We remark that under certain circumstances, the definitions given by Roscoe and Goldsmith [RG99] correspond either to P-security or to ITO-security-see [Mey07] for details. The following result shows how these definitions are related:…”

Section: Definitionmentioning

confidence: 99%

“…Moreover, TA-security can be shown [Mey08] to correspond in a precise sense to Rushby's "unwinding" proof technique for intransitive noninterference. We remark that under certain circumstances, the definitions given by Roscoe and Goldsmith [RG99] correspond either to P-security or to ITO-security-for details, we refer the reader to [Mey07], which is concerned with a detailed comparison of the above definitions of security in a number of different semantic frameworks.…”

Section: Introductionmentioning

confidence: 99%

Architectural Refinement and Notions of Intransitive Noninterference

Meyden

2009

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

This paper deals with architectural designs that specify components of a system and the permitted flows of information between them. In the process of systems development, one might refine such a design by viewing a component as being composed of subcomponents, and specifying permitted flows of information between these subcomponents and others in the design. The paper studies the soundness of such refinements with respect to a spectrum of different semantics for information flow policies, including Goguen and Meseguer's purge-based definition, Haigh and Young's intransitive purge-based definition, and some more recent notions TA-security, TO-security and ITO-security defined by van der Meyden. It is shown that all these definitions support the soundness of architectural refinement, for both a state-and an action-observed model of systems. A notion of systems refinement in which the information content of observations is reduced is also studied. It is also shown that refinement preserves weak access control structure, an implementation mechanism that ensures TA-security.

show abstract

A Comparison of Semantic Models for Noninterference

Cited by 13 publications

References 20 publications

Analysis and Proofs of Properties in Intransitive Noninterference

Analysis and Proofs of Properties in Intransitive Noninterference

Intransitive noninterference in nondeterministic systems

Architectural Refinement and Notions of Intransitive Noninterference

Contact Info

Product

Resources

About