Confidentiality Policies and Their Extraction from Programs

Abstract

We examine a well-known confidentiality requirement called noninterference and argue that many systems do not meet this requirement despite maintaining the privacy of their users. We discuss a weaker requirement called incident-insensitive noninterference that captures why these systems maintain the privacy of their users while possibly not satisfying noninterference. We extend this requirement to depend on dynamic information in a novel way. Lastly, we present a method based on model checking to extract from program source code the dynamic incident-insensitive noninterference policy that the given program obeys.

Document Details

Document Type
Technical Report
Publication Date
Feb 09, 2007
Accession Number
ADA462503

Entities

People

  • Jeannette Wing
  • Michael C. Tschantz

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Algorithms
  • Automata
  • Computer Programs
  • Computer Science
  • Computers
  • Consistency
  • Construction
  • Databases
  • Extraction
  • Guarantees
  • Language
  • Learning
  • Notation
  • Observation
  • Physicians
  • Specifications
  • Standards

Fields of Study

  • Computer science

Readers

  • Computational Linguistics
  • Cybersecurity
  • Systems Analysis and Design