Consistency policies for dynamic information systems with declassification flows

Authors:
Julien A. Thomas;Frédéric Cuppens;Nora Cuppens-Boulahia
Affiliations:
Télécom Bretagne, LUSSI Department, Université Européenne de Bretagne, Rennes, France;Télécom Bretagne, LUSSI Department, Université Européenne de Bretagne, Rennes, France;Télécom Bretagne, LUSSI Department, Université Européenne de Bretagne, Rennes, France
Venue:
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Year:
2011

Citing 11
Cited 0

Rules are objects too: A knowledge model for an active, object-oriented databasesystem

Lecture notes in computer science on Advances in object-oriented database systems
Formal Characterizations of Active Databases: Part II

DOOD '97 Proceedings of the 5th International Conference on Deductive and Object-Oriented Databases
Specifying a security policy: a case study

CSFW '96 Proceedings of the 9th IEEE workshop on Computer Security Foundations
Information transmission in computational systems

SOSP '77 Proceedings of the sixth ACM symposium on Operating systems principles
Analyzing consistency of security policies

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Abstract non-interference: parameterizing non-interference by abstract interpretation

Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Dimensions and Principles of Declassification

CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Protecting individual information against inference attacks in data publishing

DASFAA'07 Proceedings of the 12th international conference on Database systems for advanced applications
Modeling and Controlling Downgrading Operations in Information Systems

SITIS '09 Proceedings of the 2009 Fifth International Conference on Signal Image Technology and Internet Based Systems
Expression and enforcement of confidentiality policy in active databases

Proceedings of the International Conference on Management of Emergent Digital EcoSystems
Declassification Policy Management in Dynamic Information Systems

ARES '11 Proceedings of the 2011 Sixth International Conference on Availability, Reliability and Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Many research work focused on modeling relational database management systems (DBMS) that support multilevel security (MLS) policies. One issue in this context is the inference problem which occurs when it is possible to derive higher classified data from lower classified ones. This corresponds to situations where data is inconsistently classified. Research work that address the inconsistent classification problem generally assume that classification assigned to data is statically defined and does not change over time (the tranquility principle). However, in more recent studies, advanced properties such as secure data declassification were also considered. The main issues addressed in these work are how to extend existing information flow control models, like non interference, to control information flows created by data declassification. But, these work do not consider that dependencies between data may create inconsistent classification problems when data is declassified. In this paper, we present an approach to consider consistency issues in dynamic information systems with declassifications. Our approach relies on the modeling of explanation graphs associated to both the information system and the declassification flows.