The composability of non-interference [system security]
CSFW '95 Proceedings of the 8th IEEE workshop on Computer Security Foundations
A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
A unifying approach to the security of distributed and multi-threaded programs
Journal of Computer Security - Special issue on CSFW14
| Hi-index | 0.00 |
This paper examines the effects of the structure of the system on the composability of Generalized Non-Interference (GNI). It is proven that in a system constructed from GNI secure components, the only possible interconnection that can cause the system not to satisfy GNI occurs when two components are composed with feedback. We also present necessary and sufficient conditions for the composition of GNI secure components to yield a system that is GNI secure. The theorems are then used to provide a procedure to the system designer to construct a GNI secure system from GNI secure components. We also investigate reasons behind the composability of restrictiveness and n-forward correctability. It is shown that these properties compose because they eliminate one of the conditions that causes the composition of GNI secure components to fail.