11 P. Bieber, F. Cuppens. A logical view of secure dependencies. Journal of Computer Security, 1(1):99-129, 1992.
....1. Information flows in multilevel security. direct and indirect leakages, as, in this perspective, they both become unwanted information flows. In the literature, there are many different security definitions reminiscent of the information flow idea, each based on some system model (see, e.g. [36, 64, 41, 48, 49, 62, 7]). In [24] we have compared and classified them, leading to our proposed notion of Bisimulation Non Deducibility on Compositions (BNDC, for short). We will present BNDC starting by the idea of Non Interference [36]. Through a running example and a comparison with other existing approaches, we ....
P. Bieber and F. Cuppens. "A Logical View of Secure Dependencies". Journal of Computer Security, 1(1):99--129, 1992.
.... flavors of information flow models proposed in the literature, we use a trace based model similar to those used by Wittbold and Johnson and by Gray [12, 39]. Based on this model, we examine three examples of security properties: noninterference [9, 20], nondeducibility [37], and causality [2, 31]. 2.1 Examples of Security Properties A system's interface consists of a set of ports C and a set D that serves both as input and output alphabet. The set C is split into two disjoint subsets I and O that represent input and output ports, respectively. We assume D contains a special symbol ....
....on B is the same as nondeducibility of the events on B from observing events on A. 2.1.3 Causality In [31] Roscoe defines two security properties for systems modeled as CSP processes. These security properties are closely related to the notion of causality proposed earlier by Bieber and Cuppens [2]. In both approaches, a system is secure if it appears deterministic to its low level users. Simpson et al. have recently adapted Roscoe's definition of noninterference to safety and fault tolerance [35]. Assume a user has access to a set of input ports A and can observe a set of output ports B. ....
P. Bieber and F. Cuppens. A Logical View of Secure Dependencies. Journal of Computer Security, 1(1):99--129, 1992.
....recent encouraging advances have been made by Volpano and Smith [27]. This state of affairs has been mirrored on the formal level as well. There have been possibilistic characterizations of many possibilistic noninterference properties in a variety of formalisms, including notably epistemic logic [3, 14]. And, there have even been some epistemic characterizations of probabilistic noninterference [24]. But, again, most of the development as well as discussion of more complex systems has been in terms of possibilistic properties. Our expectation is that the situation is likely to be analogous when ....
P. Bieber and F. Cuppens. A logical view of secure dependencies. Journal of Computer Security, 1(1):99--129, 1992.
....transitions made by the system. An elementary transition can modify a point: then, at instant t, it sets a new value v for the object o of the point. This instant t and the new value v functionally depend on previous points. This functional dependency on previous points is named causal dependency [2]. The causal dependency of (o,t) on (o ,t ) with t t is denoted by (o ,t ) o,t) Informally, by (o,t) causally depends on (o ,t ) we mean that the point (o ,t ) is used to generate the point (o,t). More precisely the system can be described by a four tuple S= O,T,D,V where: O is the set ....
....subject s can alter an input point x i then he has the right to alter x i and any point in dep(x i ). So a subject s can alter and modify only some information he has the right to alter. In other words, the system is secure (as defined by (1) and (2)). Condition (4) defines secure dependencies [2]. This condition may seem strong, but it is quite interesting because it gives the semantics of an internal control which can be exerted on each system transition when a relation of causal dependency is involved. It enforces the exhaustive control of information flows. This control of information ....
P. Bieber, F. Cuppens, "A logical view of secure dependencies." In Journal of Computer Security, Vol. 1, Nr. 1, IOS Press, 1992
....Formula 1 is intuitively interpreted as If L knows then L is permitted to know, or in other words, what L knows is a subset of what L is permitted to know. This intuitively appealing formula was proposed by Glasgow, MacEwen, and Panangaden [13] and further developed by Bieber and Cuppens [1, 2]. In our prior work, we extended their approach to a probabilistic framework, retaining the syntactic form of their definition of security, viz. Formula 1. However, the knowledge operator (KL ) proposed by Bieber and Cuppens (and its probabilistic analog proposed by us) is nonstandard and rather ....
....high environment) denoted H, and (3) the covert receivers (or alternatively, the low environment) denoted L. In the remainder of the paper, we will tacitly assume that the global system is comprised of these three agents. MODEL OF COMMUNICATION Our model of communication is similar to those of [2], [16] and [29]. We view Sigma's interface as a collection of channels on which inputs and outputs occur. Since we consider the agent H (resp. L) to consist of all processing that is done in the high (resp. low) environment, including any communication mechanism that delivers messages to ....
[Article contains additional citation context not shown here]
P. Bieber and F. Cuppens. A logical view of secure dependencies. Journal of Computer Security, 1(1):99--129, 1992.
....Formula 1 is intuitively interpreted as If L knows then L is permitted to know, or in other words, what L knows is a subset of what L is permitted to know. This intuitively appealing formula was proposed by Glasgow, MacEwen, and Panangaden [14] and further developed by Bieber and Cuppens [1, 2]. In other work [19] we extended their approach to a probabilistic framework, retaining the syntactic form of their definition of security, viz. Formula 1. However, the knowledge operator (K L ) proposed by Bieber and Cuppens (and its probabilistic analog proposed by us) is nonstandard and rather ....
....(or alternatively, the low environment) denoted L. In the remainder of the paper, we will tacitly assume that the global system is comprised of these three agents. MODEL OF COMMUNICATION Our model of communication is similar to those of Bieber and Cuppens, Millen, and the first author (cf. [2], [32] and [17] respectively). We view Sigma's interface as a collection of channels on which inputs and outputs occur. Since we consider the agent H (resp. L) to consist of all processing that is done in the high (resp. low) environment, including any communication mechanism that delivers ....
P. Bieber and F. Cuppens. A logical view of secure dependencies. Journal of Computer Security, 1(1):99--129, 1992.
....was related to the secure dependency property. Volpano and Smith [11] proposed a type system with a similar objective for a language that includes threads. They relate their typing relation to the non interference property. The secure dependency property was compared with non interference in [1]. Myers and Liskov [9] propose a technique to analyze information flows of imperative programs annotated with labels that aggregate the sensitivity levels associated with various information providers. One of the interesting features is the declassify operation that allows providers to modify ....
P. Bieber and F. Cuppens. A Logical View of Secure Dependencies. Journal of Computer Security, 1(1):pp.99-129, 1992.
....actions some agents are permitted, obliged or forbidden to perform. This represents a set of norms to be enforced by the agents. This means that we understand a security policy in a wider sense than classical confidentiality models such as non interference [15], non deducibility [20] or causality [4]. However, these models may be viewed as special cases dealing with particular security policies: policies that only regulate permission and prohibition to know (see [11] for a discussion). When several regulations apply simultaneously, conflicting norms may exist. For instance, we may have a ....
P. Bieber and F. Cuppens. A Logical View of Secure Dependencies. Journal of Computer Security, 1(1):99--129, 1992.
....was related to the secure dependency property. Volpano and Smith [15] proposed a type system with a similar objective for a language that includes threads. They relate their typing relation to the noninterference property. The secure dependency property was compared with noninterference in [1]. Myers and Liskov [13] propose a technique to analyze information flows of imperative programs annotated with labels that aggregate the sensitivity levels associated with various information providers. One of the interesting features is the declassify operation that allows providers to modify ....
P. Bieber and F. Cuppens. A Logical View of Secure Dependencies. Journal of Computer Security, 1(1):99-129, 1992.