Consistency Policies for Dynamic Information Systems with Declassification Flows

  • Julien A. Thomas
  • Frédéric Cuppens
  • Nora Cuppens-Boulahia
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7093)


Many research work focused on modeling relational database management systems (DBMS) that support multilevel security (MLS) policies. One issue in this context is the inference problem which occurs when it is possible to derive higher classified data from lower classified ones. This corresponds to situations where data is inconsistently classified. Research work that address the inconsistent classification problem generally assume that classification assigned to data is statically defined and does not change over time (the tranquility principle). However, in more recent studies, advanced properties such as secure data declassification were also considered. The main issues addressed in these work are how to extend existing information flow control models, like non interference, to control information flows created by data declassification. But, these work do not consider that dependencies between data may create inconsistent classification problems when data is declassified.

In this paper, we present an approach to consider consistency issues in dynamic information systems with declassifications. Our approach relies on the modeling of explanation graphs associated to both the information system and the declassification flows.


Security Policy Security Level Access Control Policy Active Rule Derivation Rule 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Moffett, J.D., Sloman, M.S.: Policy conflict analysis in distributed system management (1993)Google Scholar
  2. 2.
    Dinolt, G., Benzinger, L., Yatabe, M.: Combining components and policies, pp. 22–33 (June 1994)Google Scholar
  3. 3.
    Cuppens, F., Saurel, C.: Specifying a security policy: A case study. In: Proc. of the Computer Security Foundations Workshop, pp. 123–134. Kenmare Press (1996)Google Scholar
  4. 4.
    Cholvy, L., Cuppens, F., Belin, A.E.: Analyzing consistency of security policies. In: 1997 IEEE Symposium on Security and Privacy, pp. 103–112. IEEE (1997)Google Scholar
  5. 5.
    Cuppens-Boulahia, N., Cuppens, F.: Inference controller for multilevel databases. In: International Symposium on Programming and Systems, Algiers (May 2001)Google Scholar
  6. 6.
    Li, C., Shirani-Mehr, H., Yang, X.: Protecting Individual Information Against Inference Attacks in Data Publishing. In: Kotagiri, R., Radha Krishna, P., Mohania, M., Nantajeewarawat, E. (eds.) DASFAA 2007. LNCS, vol. 4443, pp. 422–433. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Raman, S.: Detecting Inference Attacks Using Association Rules (December 2001)Google Scholar
  8. 8.
    Goguen, J., Meseguer, J.: Security policies and security models. In: 1982 IEEE Symp. Security and Privacy, pp. 11–20. IEEE (1982)Google Scholar
  9. 9.
    Sabelfel, A., Sands, D.: Dimensions and principles of declassification. In: CSFW 2005: Proceedings of the 18th IEEE workshop on Computer Security Foundations, pp. 255–269 (2005) ISBN ISSN:1063-6900 , 0-7695-2340-4Google Scholar
  10. 10.
    Thomas, J., Cuppens-Boulahia, N., Cuppens, F.: Modeling and Controlling Downgrading Operations in Information Systems. In: 5th International Conference on Signal-Image Technology & Internet-based Systems, SITIS 2009 (December 2009)Google Scholar
  11. 11.
    President of the United States: Executive order 12958, classified national security information. Technical report (March 2003)Google Scholar
  12. 12.
    Secrétariat Général de la Défense Nationale: Instruction générale interministérielle sur la protection du secret de la défense nationale (August 2003)Google Scholar
  13. 13.
    Thomas, J., Cuppens-Boulahia, N., Cuppens, F.: Expression and Enforcement of Confidentiality Policy in Active Databases. In: 5th International ACM Conference on Management of Emergent Digital EcoSystems, MEDES 2010, Bangkok, Thailand, LUSSI - Institut Télécom-Télécom Bretagne, October 26-29 (2010)Google Scholar
  14. 14.
    Thomas, J., Cuppens-Boulahia, N., Cuppens, F.: Declassification Policy Management in Dynamic Information Systems. In: The Sixth International Conference on Availability, Reliability and Security, ARES 2011, Vienna, Austria, LUSSI - Institut Télécom-Télécom Bretagne, August 22-26 (2011)Google Scholar
  15. 15.
    Dayal, U., Buchmann, A.P., McCarthy, D.R.: Rules are Objects Too: A Knowledge Model for an Active, Object-Oriented Databasesystem. In: Dittrich, K.R. (ed.) OODBS 1988. LNCS, vol. 334, pp. 129–143. Springer, Heidelberg (1988)CrossRefGoogle Scholar
  16. 16.
    Baral, C., Lobo, J., Trajcevski, G.: Formal Characterizations of Active Databases: Part II. In: Bry, F. (ed.) DOOD 1997. LNCS, vol. 1341, pp. 247–264. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  17. 17.
    Harary, F., Norman, R., Cartwright, D.: Structural Models: An Introduction to the Theory of Directed Graphs. Wiley, New York (1966)zbMATHGoogle Scholar
  18. 18.
    Sutherland, D.: A model of information. In: Proceedings of the 9th National Computer Security Conference (1986)Google Scholar
  19. 19.
    Giacobazzi, R., Mastroeni, I.: Abstract non-interference: parameterizing non-interference by abstract interpretation. In: POPL 2004: Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 186–197. ACM, New York (2004)Google Scholar
  20. 20.
    Cohen, E.: Information transmission in computational systems. SIGOPS Oper. Syst. Rev. 11(5), 133–139 (1977)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Julien A. Thomas
    • 1
  • Frédéric Cuppens
    • 1
  • Nora Cuppens-Boulahia
    • 1
  1. 1.Télécom Bretagne, LUSSI DepartmentUniversité Européenne de BretagneRennesFrance

Personalised recommendations