Abstract
Motivated by typical security requirements of workflow management systems, we consider the integrated verification of both safety properties (e.g. separation of duty) and information flow security predicates of the MAKS framework (e.g. modeling confidentiality requirements). Due to the refinement paradox, enforcement of safety properties might violate possibilistic information flow properties of a system. We present an approach where sufficient conditions for the compatibility of safety properties and information flow security are derived by performing an information flow analysis of a monitor enforcing the safety property and applying existing compositionality results for MAKS security predicates. These conditions then guarantee that the composition of a target system with the monitor satisfies both kinds of properties. We illustrate our approach by deriving sufficient conditions for the security-preserving enforcement of separation of duty and ordered message delivery in an asynchronous communication platform.
This research is supported by the Deutsche Forschungsgemeinschaft (DFG) under grant Hu737/5-1, which is part of the DFG priority programme 1496 “Reliably Secure Software Systems.”
© 2014 IFIP International Federation for Information Processing
Cite this paper
Bauereiss, T., Hutter, D. (2014). Compatibility of Safety Properties and Possibilistic Information Flow Security in MAKS. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds) ICT Systems Security and Privacy Protection. SEC 2014. IFIP Advances in Information and Communication Technology, vol 428. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-55415-5_21
DOI: https://doi.org/10.1007/978-3-642-55415-5_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-55414-8
Online ISBN: 978-3-642-55415-5