Unifying Information Flow Policies

Abstract

Confidentiality security is concerned with restricting the disclosure of information in systems. One way of achieving this is to use an information flow policy which defines the different classes of information (for example, classified, secret, etc.) that can exist in the system and a flow relation which describes how information may flow between these classes. System entities (users, processes, files, etc.) are considered to be the sources and sinks of information, and each is bound to a security class from the flow policy. This report proposes a structure for describing information flow policies that can express transitive, aggregation and separation (of duty) exceptions. Operators for comparing, composing and abstracting flow policies are described. These allow complex policies to be built from simpler policies. Many existing confidentiality (and by using a dual model, integrity) policies can be captured in this framework. A high water mark model is developed that can enforce these information flow policies. This model provides the basis for a taxonomy of existing high water mark mechanisms. (EDC)

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Oct 01, 1990
Accession Number
ADA229043

Entities

People

  • Simon N. Foley

Organizations

  • Royal Signals and Radar Establishment

Tags

Communities of Interest

  • Biomedical
  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Abstracts
  • Alphabets
  • Clearances
  • Databases
  • Equations
  • Flow
  • Hospitals
  • Hypervelocity Flow
  • Information Systems
  • Insurance
  • Intervals
  • Latitude
  • Longitude
  • Security
  • Semantics
  • Sequences
  • Trojan Horse

Fields of Study

  • Computer science

Readers

  • Artificial Intelligence
  • Combustion and Flow Dynamics.
  • Government and Public Administration Law.