DocumentCode :
1830988
Title :
Declassification Policy Management in Dynamic Information Systems
Author :
Thomas, Julien A. ; Cuppens-Boulahia, Nora ; Cuppens, Frédéric
Author_Institution :
LUSSI Dept., Univ. Eur. de Bretagne, Cesson-Sevigne, France
fYear :
2011
fDate :
22-26 Aug. 2011
Firstpage :
143
Lastpage :
152
Abstract :
Standard multilevel security (MLS) policies lack flexibility as data classification is considered static. Previous works have addressed this issue and defined declassification requirements, especially in programming languages using a language-based security approach. In this paper, we suggest a different approach. We show how to define and enforce declassification policies in databases, seen as sets of logical facts. We first define an information flow control model where data classification may dynamically change. This model combines both confidentiality and integrity requirements to enforce security. We then specify how to enforce declassification policies. Our approach relies on Event-Condition-Action (ECA) rules and provides means to manage the four basic dimensions of declassification, namely the what?, who?, where? and when? which respectively refer to modeling information to be declassified, entities responsible for declassification, localization of the declassification and contextual conditions that control declassification. We formalize and specify our declassification policies and prove it safe and secure with respect to the information flow control model.
Keywords :
database management systems; pattern classification; security of data; data classification; data confidentiality; data integrity; declassification policy management; dynamic information systems; event-condition-action rules; information flow control model; language-based security approach; multilevel security policies; programming languages; Access control; Adaptation models; Data models; Databases; Information systems; Superluminescent diodes;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
Conference_Location :
Vienna
Print_ISBN :
978-1-4577-0979-1
Electronic_ISBN :
978-0-7695-4485-4
Type :
conf
DOI :
10.1109/ARES.2011.30
Filename :
6045926