Abstract
The construction of security models from scratch is a difficult, time-consuming, and expensive task. In this article, we demonstrate how to exploit generic concepts, in particular the concept of secure information flow, to simplify the construction of security models. Requirements concerned with confidentiality or integrity can often be expressed nicely as restrictions on the allowed flow of information. For a verification of these restrictions, it is necessary to explicate formally what information flow means. Various information flow properties have been suggested for this purpose and we employ MAKS, the “Modular Assembly Kit for Security” [Man00a], for a unified perspective on these properties. How to exploit the generic security models based on secure information flow in practice is described in the context of the VSE system [AHL+00].
This work has been partly supported by the German Research Foundation (DFG) and the German Federal Ministry of Education and Research (BMBF).
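The abstract says that verifying a flow restriction requires a formal statement of what "information flow" means, and that MAKS supplies such statements as basic security predicates over trace sets. The following is an added example, not code from the chapter or from MAKS's own tooling: it implements two such predicates, R (removal of confidential events) and BSD (backwards strict deletion), for a view with visible events V and confidential events C (the neutral set N is assumed empty), and checks them on two constructed two-level systems, one of which leaks.

```python
# Added example, not from the chapter or from MAKS's own tooling: checking two
# MAKS basic security predicates, R (removal) and BSD (backwards strict
# deletion), over a finite, prefix-closed set of event traces. A view
# partitions the event set into V (visible to the observer) and C
# (confidential); the neutral set N is assumed empty here. The systems
# below are constructed for this example.

def project(trace, events):
    """The MAKS projection tau|_E: keep only the events in E, in order."""
    return tuple(e for e in trace if e in events)

def violates_R(traces, V, C):
    """Return a trace violating R_V(Tr), or None if R holds.
    R_V(Tr): for every tau in Tr there is tau' in Tr with tau'|_C = <> and
    tau'|_V = tau|_V, i.e. every observation is explicable without C-events."""
    traces = set(traces)
    for tau in traces:
        obs = project(tau, V)
        if not any(project(t, C) == () and project(t, V) == obs for t in traces):
            return tau
    return None

def violates_BSD(traces, V, C):
    """Return (beta, c, alpha) violating BSD_V(Tr), or None if BSD holds.
    BSD_V(Tr): whenever beta.<c>.alpha in Tr with c in C and alpha|_C = <>,
    some alpha' with alpha'|_V = alpha|_V, alpha'|_C = <> and beta.alpha' in Tr exists."""
    traces = set(traces)
    for tau in traces:
        for i, c in enumerate(tau):
            beta, alpha = tau[:i], tau[i + 1:]
            if c not in C or project(alpha, C) != ():
                continue
            # candidate alpha' are the continuations of beta that occur in Tr
            conts = (t[i:] for t in traces if t[:i] == beta)
            if not any(project(a, C) == () and project(a, V) == project(alpha, V)
                       for a in conts):
                return beta, c, alpha
    return None

# Constructed two-level system: hi_in is a confidential input, lo_out_* are
# low outputs. In LEAKY the output lo_out_1 is only possible after hi_in, so a
# low observer who sees it learns that the confidential input occurred.
V = {"lo_out_0", "lo_out_1"}
C = {"hi_in"}
LEAKY = {(), ("hi_in",), ("hi_in", "lo_out_1"), ("lo_out_0",)}
SECURE = {(), ("hi_in",), ("lo_out_0",), ("lo_out_1",),
          ("hi_in", "lo_out_0"), ("hi_in", "lo_out_1")}

if __name__ == "__main__":
    print("LEAKY :", violates_R(LEAKY, V, C), violates_BSD(LEAKY, V, C))
    print("SECURE:", violates_R(SECURE, V, C), violates_BSD(SECURE, V, C))
```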
References
Autexier, S., Hutter, D., Langenstein, B., Mantel, H., Rock, G., Schairer, A., Stephan, W., Vogt, R., Wolpers, A.: VSE: Formal Methods Meet Industrial Needs. International Journal on Software Tools for Technology Transfer (STTT) 3(1), 66–77 (2000); Special Issue on Mechanized Theorem Proving for Technology Transfer
Autexier, S., Hutter, D., Mantel, H., Schairer, A.: System Description: INKA 5.0 – A Logic Voyager. In: Ganzinger, H. (ed.) CADE 1999. LNCS (LNAI), vol. 1632, pp. 207–211. Springer, Heidelberg (1999)
Autexier, S., Hutter, D., Mossakowski, T., Schairer, A.: The Development Graph Manager MAYA. In: Kirchner, H., Ringeissen, C. (eds.) AMAST 2002. LNCS, vol. 2422, p. 495. Springer, Heidelberg (2002)
Biba, K.J.: Integrity Considerations for Secure Computer Systems. Technical Report MTR-3153, MITRE (1977)
Bell, D.E., LaPadula, L.: Secure Computer Systems: Unified Exposition and Multics Interpretation. Technical Report MTR-2997, MITRE (March 1976)
Common Criteria Project Sponsoring Organisations: Common Criteria for Information Technology Security Evaluation (CC), Version 2.1 (1999); also appeared as ISO/IEC 15408: IT – Security techniques – Evaluation criteria for IT security
Focardi, R., Gorrieri, R.: A Classification of Security Properties for Process Algebras. Journal of Computer Security 3(1), 5–33 (1995)
Focardi, R., Ghelli, A., Gorrieri, R.: Using Non Interference for the Analysis of Security Protocols. In: Proceedings of DIMACS Workshop on Design and Formal Verification of Security Protocols (1997)
Focardi, R., Gorrieri, R., Martinelli, F.: Non Interference for the Analysis of Cryptographic Protocols. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, p. 354. Springer, Heidelberg (2000)
Goguen, J.A., Meseguer, J.: Security Policies and Security Models. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 11–20 (1982)
Goguen, J.A., Meseguer, J.: Inference Control and Unwinding. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 75–86 (1984)
Guttman, J.D., Nadel, M.E.: What Needs Securing? In: Proceedings of the IEEE Computer Security Foundations Workshop, pp. 34–57 (1988)
Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall, Englewood Cliffs (1985)
Haigh, J.T., Young, W.D.: Extending the Noninterference Version of MLS for SAT. IEEE Transactions on Software Engineering SE-13(2), 141–150 (1987)
Office for Official Publications of the European Communities: Information Technology Security Evaluation Criteria, ITSEC (1991)
Jacob, J.: On the Derivation of Secure Components. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 242–247 (1989)
Johnson, D.M., Thayer, F.J.: Security and the Composition of Machines. In: Proceedings of the Computer Security Foundations Workshop, pp. 72–89 (1988)
Jürjens, J.: Secure Information Flow for Concurrent Processes. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 395–409. Springer, Heidelberg (2000)
Lampson, B.W.: Protection. In: Proceedings of 5th Princeton Conference on Information Sciences and Systems, p. 437 (1971)
Lampson, B.W.: A Note on the Confinement Problem. Communications of the ACM 16(10), 613–615 (1973)
Mantel, H.: Possibilistic Definitions of Security – An Assembly Kit. In: Proceedings of the IEEE Computer Security Foundations Workshop, pp. 185–199 (2000)
Mantel, H.: Unwinding Possibilistic Security Properties. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 238–254. Springer, Heidelberg (2000)
Mantel, H.: Information Flow Control and Applications – Bridging a Gap. In: Oliveira, J.N., Zave, P. (eds.) FME 2001. LNCS, vol. 2021, pp. 153–172. Springer, Heidelberg (2001)
Mantel, H.: Preserving Information Flow Properties under Refinement. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 78–91 (2001)
Mantel, H.: On the Composition of Secure Systems. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 88–101 (2002)
McCullough, D.: Specifications for Multi-Level Security and a Hook-Up Property. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 161–166 (1987)
McLean, J.D.: A Comment on the “Basic Security Theorem” of Bell and LaPadula. Information Processing Letters 20, 67–70 (1985)
McLean, J.D.: Reasoning about Security Models. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 123–131 (1987)
McLean, J.D.: The Specification and Modeling of Computer Security. IEEE Computer 23(1), 9–16 (1990)
McLean, J.D.: Proving Noninterference and Functional Correctness using Traces. Journal of Computer Security 1(1), 37–57 (1992)
McLean, J.D.: A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 79–93 (1994)
McLean, J.D.: Security Models. In: Marciniak, J. (ed.) Encyclopedia of Software Engineering. John Wiley & Sons, Inc., Chichester (1994)
Millen, J.K.: Unwinding Forward Correctability. In: Proceedings of the Computer Security Foundations Workshop, pp. 2–10 (1994)
Mantel, H., Schairer, A., Kabatnik, M., Kreutzer, M., Zugenmaier, A.: Using Information Flow Control to Evaluate Access Protection of Location Information in Mobile Communication Networks. Technical Report 159, CS Department, University of Freiburg (2001)
O’Halloran, C.: A Calculus of Information Flow. In: Proceedings of the European Symposium on Research in Computer Security (ESORICS), pp. 147–159 (1990)
Pinsky, S.: Absorbing Covers and Intransitive Non-Interference. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 102–113 (1995)
Roscoe, A.W., Goldsmith, M.H.: What is intransitive noninterference? In: Proceedings of the 12th IEEE Computer Security Foundations Workshop, pp. 228–238 (1999)
Roscoe, A.W.: CSP and Determinism in Security Modelling. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 114–127 (1995)
Ryan, P.Y.A., Schneider, S.A.: Process Algebra and Non-interference. In: Proceedings of the 12th IEEE Computer Security Foundations Workshop, pp. 214–227 (1999)
Rushby, J.: Noninterference, Transitivity, and Channel-Control Security Policies. Technical Report CSL-92-02, SRI International (1992)
Roscoe, A.W., Wulf, L.: Composing and Decomposing Systems under Security Properties. In: Proceedings of the 8th IEEE Computer Security Foundations Workshop, pp. 9–15 (1995)
Ryan, P.Y.A.: A CSP Formulation of Non-Interference and Unwinding. Cipher, 19–30 (Winter 1991)
Schneider, S.: May Testing, Non-interference, and Compositionality. Technical Report CSD-TR-00-02, Royal Holloway, University of London (2001)
Schellhorn, G., Reif, W., Schairer, A., Karger, P., Austel, V., Toll, D.: Verification of a Formal Security Model for Multiapplicative Smart Cards. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 17–36. Springer, Heidelberg (2000)
Sutherland, D.: A Model of Information. In: 9th National Computer Security Conference (1986)
Wittbold, J.T., Johnson, D.M.: Information Flow in Nondeterministic Systems. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 144–161 (1990)
Zakinthinos, A.: On the Composition of Security Properties. PhD thesis, Graduate Department of Electrical and Computer Engineering, University of Toronto (1996)
Zakinthinos, A., Lee, E.S.: A General Theory of Security Properties. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 94–102 (1997)
Zakinthinos, A., Lee, E.S.: Composing Secure Systems that have Emergent Properties. In: Proceedings of the 11th IEEE Computer Security Foundations Workshop, pp. 117–122 (1998)
© 2005 Springer-Verlag Berlin Heidelberg
Mantel, H., Schairer, A. (2005). Exploiting Generic Aspects of Security Models in Formal Developments. In: Hutter, D., Stephan, W. (eds) Mechanizing Mathematical Reasoning. Lecture Notes in Computer Science, vol 2605. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-32254-2_26
DOI: https://doi.org/10.1007/978-3-540-32254-2_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25051-7
Online ISBN: 978-3-540-32254-2