An information flow model FM is defined by

Slides:



Advertisements
Similar presentations
Information Flow and Covert Channels November, 2006.
Advertisements

Operating System Security
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
1 Basic abstract interpretation theory. 2 The general idea §a semantics l any definition style, from a denotational definition to a detailed interpreter.
Verifiable Security Goals
Data Flow Analysis Compiler Design Nov. 8, 2005.
Chapter 9: Subprogram Control
A Platform-based Design Flow for Kahn Process Networks Abhijit Davare Qi Zhu December 10, 2004.
User Domain Policies.
Mandatory Flow Control Bismita Srichandan. Outline Mandatory Flow Control Models Information Flow Control Lattice Model Multilevel Models –The Bell-LaPadula.
Time, Clocks, and the Ordering of Events in a Distributed System Leslie Lamport (1978) Presented by: Yoav Kantor.
CH14 – Protection / Security. Basics Potential Violations – Unauthorized release, modification, DoS External vs Internal Security Policy vs Mechanism.
WMS systems manage and coordinate several independent subtasks. The coordination problems get even more serious when the subtasks are performed on separate.
Switch off your Mobiles Phones or Change Profile to Silent Mode.
Zvi Kohavi and Niraj K. Jha 1 Memory, Definiteness, and Information Losslessness of Finite Automata.
CS162 Week 8 Kyle Dewey. Overview Example online going over fail03.not (from the test suite) in depth A type system for secure information flow Implementing.
SOFTWARE DESIGN (SWD) Instructor: Dr. Hany H. Ammar
An Improved Algorithm to Accelerate Regular Expression Evaluation Author: Michela Becchi, Patrick Crowley Publisher: 3rd ACM/IEEE Symposium on Architecture.
Lattice-Based Access Control Models Ravi S. Sandhu Colorado State University CS 681 Spring 2005 John Tesch.
DISTRIBUTED ALGORITHMS By Nancy.A.Lynch Chapter 18 LOGICAL TIME By Sudha Elavarti.
Information Flow Language and System Level 1Dennis Kafura – CS5204 – Operating Systems.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Information Flow Control Language and System Level.
A Universe-Type-Based Verification Technique for Mutable Static Fields and Methods Alexander J Summers Sophia Drossopoulou Imperial College London Peter.
12/4/20151 Computer Security Security models – an overview.
16.7 Completing the Physical- Query-Plan By Aniket Mulye CS257 Prof: Dr. T. Y. Lin.
2004 Hawaii Inter Conf Comp Sci1 Specifying and Proving Object- Oriented Programs Arthur C. Fleck Computer Science Department University of Iowa.
Academic Year 2014 Spring Academic Year 2014 Spring.
A Lattice Model of Secure Information Flow By Dorothy E. Denning Presented by Drayton Benner March 22, 2000.
Modeling Complex Systems by Separating Application and Security Concerns H. Gomaa, M. Shin, "Modeling Complex Systems by Separating Application and Security.
Question What technology differentiates the different stages a computer had gone through from generation 1 to present?
Formal Verification. Background Information Formal verification methods based on theorem proving techniques and model­checking –To prove the absence of.
“Towards Self Stabilizing Wait Free Shared Memory Objects” By:  Hopeman  Tsigas  Paptriantafilou Presented By: Sumit Sukhramani Kent State University.
Certification of Programs for Secure Information Flow Dorothy & Peter Denning Communications of the ACM (CACM) 1977.
CS162 Week 8 Kyle Dewey. Overview Example online going over fail03.not (from the test suite) in depth A type system for secure information flow Implementing.
Semilattices presented by Niko Simonson, CSS 548, Autumn 2012 Semilattice City, © 2009 Nora Shader.
PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.
Chapter 29: Program Security Dr. Wayne Summers Department of Computer Science Columbus State University
Virtual Local Area Networks In Security By Mark Reed.
Modeling Arithmetic, Computation, and Languages Mathematical Structures for Computer Science Chapter 8 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesTuring.
Computer Organization
Memory Management.
Verifiable Security Goals
4.
Chapter 14: Protection Modified by Dr. Neerja Mhaskar for CS 3SH3.
Behavioral Style Combinational Design with VHDL
IAY 0600 Digital Systems Design
Operating Systems (CS 340 D)
Implementing Subprograms
Organization of Programming Languages
SNS College of Engineering Coimbatore
Appendix D: Network Model
Behavioral Style Combinational Design with VHDL
OTHER MODELS OF TURING MACHINES
Structural testing, Path Testing
Operating Systems (CS 340 D)
Distinct Distances in the Plane
Interactions.
Asymptotic Notations Algorithms Lecture 9.
COT 5611 Operating Systems Design Principles Spring 2012
Logical architecture refinement
Mandatory Access Control (MAC)
IAS 0600 Digital Systems Design
Threads Chapter 4.
IAS 0600 Digital Systems Design
NASA Secure Coding Rules
UNIT V Run Time Environments.
Chapter 29: Program Security
Chapter 4 System Modeling.
Chapter 15 Functional Programming 6/1/2019.
COT 5611 Operating Systems Design Principles Spring 2014
Presentation transcript:

An information flow model FM is defined by FM= (N, P, SC, , ->) N = { a, b, ... } is a set of logical storage objects or information receptacles. P = {p, q, ... } is a set of processes. SC security classes.

Harrison et al. , have recently demonstrated that in general it may be undecidable whether an access right to an object will "leak" to a process in a system whose access control mechanism is modeled by an access matrix [II, 15]. .

We sought to find suitable and viable restrictions according to which the security of a system would not only be decidable, but simply so. -Incorrect Our results show that suitable constraints do indeed exist, and moreover within the context of a richly structured model.

The class-combining operator "EB" is an associative and commutative binary operator that specifies, for any pair of operand classes, the class in which the re­sult of any binary function on values from the operand classes belongs. The class of the result of any binary function on objects a and b is thus q EB 􀂁- By extension, the class of the value of an n-ary function J(ai, ... ,an) is !11 EB ... EB gn, To avoid semantic ambiguities that may arise when two different functions over the same domain have overlapping ranges, we assume that the operator "EB" is independent of the function used to combine values. No generality is lost by this assumption since the effect of a function- dependent "EB" can be simulated by an appropriate set of processes using a function-independent "EB" [4 ]. The set of security classes is closed under "EB". -INcorrect

A flow relation "-->" is defined on pairs of security classes A flow relation "-->" is defined on pairs of security classes. For classes A and B, we write A ----> B if and only if information in class A is permitted to flow into class B. Information is said to flow from class A to class B whenever information associated with A affects the value of information associated with B. In this paper we shall be concerned only with flows which result from (sequences of) operations that cause in­formation to be transferred from one object to another (e.g. copying, assignment, 1/0, parameter passing, and message sending). This includes flows along "legitimate" and "storage" channels. We shall not be concerned with flows along "covert" channels (i.e. a process's effect on the system load) [16]. Weak

a flow model FM is secure if and only if execution of a sequence of operations cannot give rise to a flow that violates the relation "-->". If a value f(a,, ... , a.) flows to an object b that is statically bound to a se­ curity class g, then g, EB ... EB Qn---+ g must hold. If J ( a,, ... , an) flows to a dynamically bound object b, then the class of b must be updated (if necessary) so that ,;i1 EB ... EB q, --> g holds for this case also. Assuming that "---->" is transitive, it is easily ,how that the security of individual operations implies that of arbitrary sequences of operations [4]. The assumption of transitivity is justified below. The model we have outlined is a simplified form of the one in [4]. The detailed model accounts for a set of "states" of an underlying computer system and a set of "transition operators" for describing state changes and their associated mformation flows. It also accounts for such implementation requirements as tags that mark memory locations with the class of information stored in them, or the necessity of nullifying a memory cell when it is deallocated.

Under certain assumptions, the model components SC, "---->", and "EB" form a universally bounded lattice. These assumptions are not arbitrary, but follow from the semantics of information flow. By this we mean either that no generality is lost by them or that they are required for consistency. Consistency means that all flows implied by a permissible flow should also be permitted by the flow relation. For example, if the statement begin b : = a; c : = b end is secure, then the statement c : = a should also be secure. Without a consistent flow structure, it would be possible to mas­ querade insecure operations as secure ones. A universally bounded lattice is a structure con­sisting of a finite partially ordered set together with least upper and greatest lower bound operators on the set [3, 21]. To show that (SC, ---+, EB) forms such a lattice, we establish that:

A universally bounded lattice is a structure con­sisting of a finite partially ordered set together with least upper and greatest lower bound operators on the set [3, 21]. To show that (SC, ---+, EB) forms such a lattice, we establish that: (!) (SC,->) is a partially ordered set. (2􀀯 SC is finite. 􀀱3􀀲 SC has a lower bound L such that L ---> A for all A E SC. (4) EB is a least upper bound operator on SC.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.