DOI: 10.1145/2382196.2382288
research-article

Intransitive noninterference in nondeterministic systems

Published: 16 October 2012

    Abstract

    This paper addresses the question of how TA-security, a semantics for intransitive information-flow policies in deterministic systems, can be generalized to nondeterministic systems. Various definitions are proposed, including definitions that state that the system enforces as much of the policy as possible in the context of attacks in which groups of agents collude by sharing information through channels that lie outside the system. Relationships between the various definitions proposed are characterized, and an unwinding-based proof technique is developed. Finally, it is shown that on a specific class of systems, access control systems with local non-determinism, the strongest definition can be verified by checking a simple static property.

        Published In

        CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security
        October 2012
        1088 pages
        ISBN:9781450316514
        DOI:10.1145/2382196
        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Author Tags

        1. access control
        2. information-flow
        3. nondeterminism
        4. noninterference
        5. security

        Qualifiers

        • Research-article

        Conference

        CCS'12
        CCS'12: the ACM Conference on Computer and Communications Security
        October 16 - 18, 2012
        North Carolina, Raleigh, USA

        Acceptance Rates

        Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
