J. W. Gray, III. Towards a mathematical foundation for information ow security. In Proceedings of the 1991.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....unauthorised users (aka con nement problem) has been extensively studied and various approaches have been proposed for its solution. After the introduction in the 1980s of the seminal notion of noninterference by Goguen and Meseguer [14] and in the 1990s of probabilistic noninterference by Gray [15], most of the works on con nement have been based on models which exploit the noninterference based formalisation of the problem: since (probabilistic) interference can be exploited by a Trojan horse to reliably leak high information to unauthorised users, the absence of any illegal information ....

....of any illegal information ow will guarantee the perfect con nement of a system. Such models ultimately depend on some notion of process equivalence by identifying the absence of information ow between two processes via the indistinguishability of their behaviours [24] As already noticed in [15] these models are aimed to achieve perfect security. This is in practice hardly achievable [23] By weakening the de nition of the con nement property so as to allow for a quanti able amount of interference we can make the de nition more usable, i.e. more systems will satisfy the de nition. ....

J.W. Gray, III. Towards a mathematical foundation for information ow security. In Proceedings of the 1991 Symposium on Research in Security and Privacy, pages 21-34, Oakland, California, May 1991. IEEE Computer Society.

....as secrecy, authentication, anonymity, etc. formal techniques for the analysis of security protocols have focused almost exclusively on nondeterministic attacker models. Attempts to incorporate probability into formal models have been limited to probabilistic characterization of non interference [Gra92,SG95,VS98], and process formalisms that aim to represent probabilistic properties of cryptographic primitives [LMMS99] This paper is an attempt to demonstrate how fully automated probabilistic analysis techniques can be used to give a quantitative characterization of probability based security properties. ....

J.W. Gray. Toward a mathematical foundation for information ow security. J. Computer Security, 1(3):255-294, 1992.

....5.9, sT s T . 6 Discussion The need for a probabilistic view of security in nondeterministic computer systems has been understood for some time [17, 13] Security properties (models) to treat probabilistic channels in nondeterministic systems have been formulated by McLean[12] and Gray [7, 8]. 19 It is important, however, to recognize that these e orts address a di erent problem than what we consider in this paper. They consider a computer system with a number of users, classi ed as high or low, who send inputs to and receive outputs from the system. The problem is to prevent high ....

James W. Gray, III. Toward a mathematical foundation for information ow security. In Proceedings 1991.

....invoke their exec methods. An active program maintains state by modifying its own bytecode representation prior to being forwarded. Yes, it s a hack. public class SelfRef implements ActiveProgram final String x = aaba ; public void exec(byte[ b, MyLoader loader) throws Exception if (b[13] = 0x08) CONSTANT String b[13] 0x01; set CONSTANT Utf8 b[14] 0x00; b[15] 0x00; Class classOf = loader.defineClass(b, 0, b.length) ActiveProgram p = ActiveProgram) classOf.newInstance( p.exec(b, loader) else System.out.println(x) public static void main(String[ ....

....program maintains state by modifying its own bytecode representation prior to being forwarded. Yes, it s a hack. public class SelfRef implements ActiveProgram final String x = aaba ; public void exec(byte[ b, MyLoader loader) throws Exception if (b[13] 0x08) CONSTANT String b[13] = 0x01; set CONSTANT Utf8 b[14] 0x00; b[15] 0x00; Class classOf = loader.defineClass(b, 0, b.length) ActiveProgram p = ActiveProgram) classOf.newInstance( p.exec(b, loader) else System.out.println(x) public static void main(String[ argv) throws Exception ....

[Article contains additional citation context not shown here]

James W. Gray, III. Toward a mathematical foundation for information ow security. In Proceedings 1991 IEEE Symposium on Security and Privacy, pages 21-34, Oakland, CA, May 1991.

No context found.

J. W. Gray, III. Towards a mathematical foundation for information ow security. In Proceedings of the 1991.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC