Security Models and Information Flow

Abstract

We develop a theory of information flow that differs from Nondeducibility's, which we see is really a theory of information sharing. We use our theory to develop a flow-based security model, FM, and show that the proper treatment of security-relevant causal factors in such a framework is very tricky. Using FM as a standard for comparison, we examine Noninterference, Generalized Noninterference, and extensions to Noninterference designed to protect high-level output, and see that the proper treatment of causal factors in such models requires us to consider programs as explicit input to systems. This gives us a new perspective on security levels. The Bell and LaPadula Model, on the other hand, more successfully models security-relevant causal information although this success is bought at the expense of the model being vague about its primitives. This vagueness is examined with respect to the claim that the Bell and LaPadula Model and Noninterference are equivalent.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 1990
Accession Number
ADA462529

Entities

People

  • John A. McLean

Organizations

  • United States Naval Research Laboratory

Tags

DTIC Thesaurus Topics

  • Computer Access Control
  • Computers
  • Cybersecurity
  • Information Exchange
  • Information Operations
  • Information Theory
  • Military Research
  • Model Theory
  • Models
  • Operating Systems
  • Probability
  • Security
  • Semantics
  • Sequences
  • Specifications
  • Standards
  • System Software

Fields of Study

  • Computer science

Readers

  • Adaptive Control and Estimation with Uncertainty in Dynamic Systems.
  • Aerodynamics.
  • Systems Analysis and Design