Characterizing intransitive noninterference for 3-domain security policies with observability

Hadj-Alouane, Nejib Ben; Lafrance, Stéphane; Lin, Feng; Mullins, John; Yeddes, Moez

doi:10.1109/tac.2005.850643

Cited by 23 publications

(15 citation statements)

References 14 publications

(21 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, in [13,14] for discrete event systems Nejib Ben Hadj-Alouane et al proposed an algorithmic approach to the verification of intransitive noninterference. The basic concept of their approach is to use an observability based on a purge function, called iP-observability, to capture intransitive noninterference, and reduce the checking of iP-observability to the checking of P-observability, which can be done efficiently.…”

Section: Related Workmentioning

confidence: 99%

“…At present, the absence of feasible algorithmic verification approaches is the main problem in checking intransitive noninterference. Prior to our work, only one rigorous algorithm has been proposed by Nejib Ben Hadj-Alouane in the literature [13,14] to check intransitive noninterference based on some necessary and sufficient conditions. Other algorithms, for example [8], only use a sufficient condition as a basis for checking intransitive noninterference.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Algorithmic Verification of Intransitive Noninterference for 3-domain Security Policies with a SAT Solver

Liu¹,

Zhou²,

Yun³

et al. 2013

Appl. Math. Inf. Sci.

View full text Add to dashboard Cite

Abstract:In this paper we propose an automated verification approach to checking intransitive noninterference for deterministic finite state systems. Our approach is based on the counterexamples search verification strategy, and is conducted in gradual manner. It produces counterexamples of minimal length. Further, we reduce the counterexamples search to propositional satisfiability. For the case that there are no counterexamples, we also introduce the window induction proof method in order to avoid considering unnecessary iterations, and show that the induction proof can be performed by the boolean decision procedure. In addition, based on graph-theoretic properties of systems we propose an over-approximation to the length of the smallest counterexample, and the over-approximation can also be checked by the boolean decision procedure.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Algorithmic Verification of Intransitive Noninterference for 3-domain Security Policies with a SAT Solver

Liu¹,

Zhou²,

Yun³

et al. 2013

Appl. Math. Inf. Sci.

View full text Add to dashboard Cite

show abstract

“…In this section, we briefly review intransitive non-interference in multi-level systems as well as its characterization as iP -observability introduced in [3]. The reader is refereed to [3] for more details.…”

Section: Intransitive Non-interference In Multi-level Systemsmentioning

confidence: 99%

“…• Σ • Σ R E = {e 3 • Σ S = {c 1 , c 2 , c 3 } since those are synchronization events between A and B;…”

Section: Specification Of Robustness Against Denial Of Servicementioning

confidence: 99%

“…

AbstractIn this paper, we generalize our algorithmic approach to the problem of verification of the property of intransitive non-interference (INI) using tools and concepts of discrete event systems (DES) that we first proposed in [3]. The reason that we are interested in INI is that it can be used to solve several important security problems in systems and protocols.

…”

mentioning

confidence: 99%

See 1 more Smart Citation

An algorithmic approach to verification of intransitive non-interference in security policies

Hadj-Alouane

Lafrance

Lin

et al. 2004

2004 43rd IEEE Conference on Decision and Control (CDC) (IEEE Cat. No.04CH37601)

Self Cite

View full text Add to dashboard Cite

In this paper, we generalize our algorithmic approach to the problem of verification of the property of intransitive non-interference (INI) using tools and concepts of discrete event systems (DES) that we first proposed in [3]. The reason that we are interested in INI is that it can be used to solve several important security problems in systems and protocols. We have shown that the notion of iP -observability captures precisely the property of INI. In [3], we have developed algorithms to check iP -observability by indirectly checking P -observability. This indirect method works only for systems with at most three security levels. In this paper, we develop a direct method for checking iP -observability, which is based on an insightful observation that iP -purge is a left-congruence in terms of relations on formal languages. This direct method can be used for checking systems with more than three security levels. To demonstrate the applicability of our approach, we propose a formal method to detect denial of service vulnerabilities in security protocols based on INI. This method is illustrated using the TCP/IP protocol.

show abstract

Estimation and Verification of Partially Observed Discrete‐Event Systems

Yin

2019

Wiley Encyclopedia of Electrical and Electronics Engineering

View full text Add to dashboard Cite

State estimation is one of the most fundamental problems in the systems and control theory. In many real-world systems, it is not always possible to access the full information of the system due to measurement noises/uncertainties and the existence of adversaries. Therefore, how to estimate the state of the system is crucial when one wants to make decisions based on the limited and incomplete information.Given a system, one of the most important questions is to prove/disprove the correctness of the system with respect to some desired requirement (or specification). In particular, we would like to check the correctness of the system in a formal manner in the sense that the checking procedures are algorithmic and results have provable correctness guarantees. Such a formal satisfaction checking problem is referred to as the verification problem. Performing formal property verification is very important for many complicated but safety-critical infrastructures.This article considers state estimation and verification problems for an important class of man-made cyber-physical systems called Discrete-Event Systems (DES). Roughly speaking, DES are dynamic systems with discrete state-spaces and event-triggered dynamics. DES models are widely used in the study of complex automated systems where the behavior is inherently eventdriven, as well as in the study of discrete abstractions of continuous, hybrid, and/or cyber-physical systems. Over the past decades, the theory of DES has been successfully applied to many real-world problems, e.g., the control of

show abstract

Characterizing intransitive noninterference for 3-domain security policies with observability

Cited by 23 publications

References 14 publications

Algorithmic Verification of Intransitive Noninterference for 3-domain Security Policies with a SAT Solver

Algorithmic Verification of Intransitive Noninterference for 3-domain Security Policies with a SAT Solver

An algorithmic approach to verification of intransitive non-interference in security policies

Estimation and Verification of Partially Observed Discrete‐Event Systems

Contact Info

Product

Resources

About