Title :
Noninterference and the composability of security properties
Author :
McCullough, Daryl
Author_Institution :
Odyssey Res. Associates, Ithaca, NY, USA
Abstract :
The problem of composability of multilevel security properties, particularly the noninterference property and some of its generalizations, is discussed. Examples are used to show that some of these security properties do not compose; it is possible to connect two systems, both of which are judged to be secure, so that the composite system is not secure. A property called restrictiveness is introduced that is generally composable, so that two restrictive systems connected legally result in a new restrictive composite system. A novel feature in the brief discussion of restrictiveness is a state-machine version of the property.
Keywords :
operating systems (computers); security of data; composability; multilevel security; noninterference property; restrictive composite system; restrictiveness; security properties; Computer security; Concurrent computing; Data security; Disk drives; Information security; Interconnected systems; Joining processes; Operating systems; Printers; Protection;
Conference_Title :
Security and Privacy, 1988. Proceedings., 1988 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-0850-1
DOI :
10.1109/SECPRI.1988.8110