On the verification of intransitive noninterference in mulitlevel security

Authors:
N. B. Hadj-Alouane;S. Lafrance;Feng Lin;J. Mullins;M. M. Yeddes
Affiliations:
Dept. of Appl. Comput. Sci., Univ. of Manouba, Tunisia;-;-;-;-
Venue:
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Year:
2005

Citing 0
Cited 8

Dynamic Observers for the Synthesis of Opaque Systems

ATVA '09 Proceedings of the 7th International Symposium on Automated Technology for Verification and Analysis
Verification and synthesis for secrecy in discrete-event systems

ACC'09 Proceedings of the 2009 conference on American Control Conference
On intransitive non-interference in some models of concurrency

Foundations of security analysis and design VI
Synthesis of opaque systems with static and dynamic masks

Formal Methods in System Design
An iterative approach for the satisfaction of security using the intransitive non-interference property

VECoS'11 Proceedings of the Fifth international conference on Verification and Evaluation of Computer and Communication Systems
Conditional information flow policies and unwinding relations

TGC'11 Proceedings of the 6th international conference on Trustworthy Global Computing
Verification of initial-state opacity in security applications of discrete event systems

Information Sciences: an International Journal
Comparative analysis of related notions of opacity in centralized and coordinated architectures

Discrete Event Dynamic Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose an algorithmic approach to the problem of verification of the property of intransitive noninterference (INI), using tools and concepts of discrete event systems (DES). INI can be used to characterize and solve several important security problems in multilevel security systems. In a previous work, we have established the notion of iP-observability, which precisely captures the property of INI. We have also developed an algorithm for checking iP-observability by indirectly checking P-observability for systems with at most three security levels. In this paper, we generalize the results for systems with any finite number of security levels by developing a direct method for checking iP-observability, based on an insightful observation that the iP function is a left congruence in terms of relations on formal languages. To demonstrate the applicability of our approach, we propose a formal method to detect denial of service vulnerabilities in security protocols based on INI. This method is illustrated using the TCP/IP protocol. The work extends the theory of supervisory control of DES to a new application domain.