Downloads: A Policy Model for Secure Information Flow
A Policy Model for Secure Information Flow 1.0
|Adedayo O. Adetoye and Atta Badii, School of Systems Engineering, University of Reading, UK:|
This paper proposes a policy model to specify what information flow is permitted in a computational system. The security definition, which is based on a general notion of information lattices, allows various representations of information to be used in the enforcement of secure information flow in terministic or nondeterministic systems. A flexible semantics-based analysis technique is presented, which uses the input-output relational model induced by an attacker’s observational power, to compute the information released by the computational system. An illustrative attacker model demonstrates the use of the technique to develop a termination-sensitive analysis. The technique allows the development of various information flow analyses, parametrised by the ttacker’s observational power, which can be used to enforce what declassification policies.
The paper was presented at the Joint Workshop on Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (ARSPA-WITS\'09), 28-29 March, 2009 in York, UK.
Most Downloaded: A Survey of Context-aware Middleware [ 7698 ]
Most Recent: Hydra - LinkSmart brochure [ 2764 ]