DocumentCode
3379321
Title
A logical formalization of secrecy
Author
Cuppens, F.
Author_Institution
ONERA-CERT, Toulouse, France
fYear
1993
fDate
15-17 Jun 1993
Firstpage
53
Lastpage
62
Abstract
A formal definition is given of what must be considered as secret in a multilevel computer system. The author's point of view drastically differs from the classical approaches since it advocates that all the information contained in the sequence of high level inputs need not be considered as secret. The approach is based on an extended logic involving epistemic and deontic modal operators. This leads to a new security property called nondisclosure on inputs that must really be considered as secret. The author refines this first definition to obtain a stronger property simply called nondisclosure which protects both high level strategies and high level outputs. Finally, a suggestion is given on how one could combine the causality and nondisclosure properties to obtain a decision procedure for analyzing the security of computer systems.
Keywords
authorisation; formal logic; security of data; causality; computer systems; decision procedure; deontic modal operators; epistemic operators; extended logic; formal definition; high level inputs; logical formalization; multilevel computer system; nondisclosure; secrecy; Access control; Computer security; Information analysis; Information security; Logic; Protection;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Security Foundations Workshop VI, 1993. Proceedings
Conference_Location
Franconia, NH
Print_ISBN
0-8186-3950-4
Type
conf
DOI
10.1109/CSFW.1993.246639
Filename
246639