Abstract
Constraining how information may flow within a system is at the heart of many protection mechanisms, and many security policies have direct interpretations in terms of information flow and multilevel-security-style controls. However, while conceptually simple, multilevel security controls have been difficult to achieve in practice. In this paper, we explore how the traditional assurance measures that are used in the network multilevel security model can be re-interpreted and generalised to provide the basis of a framework for reasoning about the quality of protection provided by a secure system configuration.
Copyright information
© 2006 Springer Science+Business Media, LLC.
About this paper
Cite this paper
Foley, S.N., Bistarelli, S., O’Sullivan, B., Herbert, J., Swart, G. (2006). Multilevel Security and Quality of Protection. In: Gollmann, D., Massacci, F., Yautsiukhin, A. (eds) Quality of Protection. Advances in Information Security, vol 23. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-36584-8_8
DOI: https://doi.org/10.1007/978-0-387-36584-8_8
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-29016-4
Online ISBN: 978-0-387-36584-8
eBook Packages: Computer Science (R0)