Title :
Security models and information flow
Author_Institution :
US Naval Res. Lab., Washington, DC, USA
Abstract :
A theory of information flow is developed that differs from that of nondeducibility, which is seen to be a theory of information sharing. The theory is used to develop a flow-based security model (FM) and to show that the proper treatment of security-relevant causal factors in such a framework is very tricky. Using FM as a standard for comparison, an examination is made of interference, generalized noninterference, and extensions to noninterference designed to protect high-level output, and it is seen that the proper treatment of causal factors in such models requires programs to be considered as explicit input to systems. This gives a new perspective on security levels. The model of D.E. Bell and L.J. LaPadula (1973), on the other hand, more successfully models security-relevant causal information, although this success is bought at the expense of the model being vague about its primitives. This vagueness is examined with respect to the claim that the Bell-LaPadula model and noninterference are equivalent
Keywords :
information theory; security of data; Bell-LaPadula model; flow-based security model; high level output protection; information flow; information sharing; interference; primitives; programs; security levels; security-relevant causal factors; Broadcasting; Ducts; History; Information security; Information technology; Information theory; Laboratories; Protection;
Conference_Titel :
Research in Security and Privacy, 1990. Proceedings., 1990 IEEE Computer Society Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-2060-9
DOI :
10.1109/RISP.1990.63849
