S. N. Foley. A universal theory of information flow. In Proceedings of the IEEE Symposium on Security and Privacy, pages 116--122, Apr. 1987.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....a property holds, one can conclude that no information ow is ever possible from high to low level. A possibilistic security property can be regarded as an extension of non interference to nondeterministic systems. Starting with Sutherland [34] various such extensions have been proposed, e.g. [4, 9, 17, 22 25, 29, 33, 35]. Most of these properties are based on traces, i.e. the behavior of a system that may possibly be observed is the set of its execution sequences. Examples are noninference [29] generalized non interference [22] restrictiveness [22] and the perfect security property [35] In [4] Focardi and ....

S. N. Foley. A Universal Theory of Information Flow. In Proc. of the IEEE Symposium on Security and Privacy, pages 116-122. IEEE Computer Society Press, 1987.

....a property holds, one can conclude that no information ow is ever possible from high to low level. A possibilistic security property can be regarded as an extension of noninterference to non deterministic systems. Starting with Sutherland [34] various such extensions have been proposed, e.g. [4, 9, 16, 21 24, 28, 33, 35]. Most of these properties are based on traces, i.e. the behavior of a system that may possibly be observed is the set of its execution sequences. Examples are non inference [28] generalized non interference [21] restrictiveness [21] and the perfect security property [35] In [4] Focardi and ....

S. N. Foley. A Universal Theory of Information Flow. In Proc. of the IEEE Symposium on Security and Privacy, pages 116-122. IEEE Computer Society Press, 1987.

....of our general notion. 1. Introduction The problem of protecting confidential data in a multilevel system is one of the relevant issues in computer security. Information flow security aims at guaranteeing that no high level (confidential) information is revealed to users running at low levels [8, 14, 5, 17, 22, 20], even in the presence of any possible malicious process. An early attempt to formalize the absence of information flow was the concept of noninterference proposed in the seminal paper by Goguen and Meseguer [9] and further developed in [5, 6, 3, 11, 18, 21, 10] Intuitively, to establish that ....

S. N. Foley. A Universal Theory of Information Flow. In Proc. of the IEEE Symposium on Security and Privacy, pages 116--122. IEEE Computer Society Press, 1987.

....system call into input, internal, and output events, and which have a general way of expressing legal sequences of events. One of the earliest and most in uential of these models is Hoare s CSP [Hoa85] and some work has been done to express noninterference in the context of CSP and related models [Fol87, Gra93]. We will use the event system model introduced by McCullough [McC88a] Event systems are expressible in CSP, but they are simpler conceptually, they can be described without the trappings of the CSP algebra, and the results we wish to extend here were presented in an event system context. 1.2.3 ....

S. N. Foley, \A Universal Theory of Information Flow ," Proc. 1987 IEEE Symp. on Security and Privacy, pp. 116-122

....level users observe something they believe is connected with high level user activity: Information is transmitted along an object when variety in the events engaged by a [high level] user can be conveyed to a [low level] user as a result of [the high level users] interaction with the object. Foley87] There are two types of inferences that can be made: 1. possibilistic 2. probabilistic In the possibilistic case, one is interested in the possibility of certain events. In the probabilistic case the probability of the events is also considered. Nearly all work on secure systems has been on ....

Simon N. Foley. "A Universal Theory of Information Flow," Proceding of the

....flow in multi threaded programs in the presence of synchronisation. We give a small step operational semantics for a simple shared memory multi threaded language with synchronisation and present a compositional bisimulationbased confidentiality specification that captures timing leaks. Inspired by [12], we propose a type based analysis improving on previous approaches to reject insecure programs. In both denotational and operational approaches, the security conditions satisfy compositionality properties, which facilitates straightforward proofs of correctness, e.g. for security type systems. ....

....2 Platform Security: Architecture, API Design, and Implementation. Addison Wesley, 1999. 9 10 Introduction [11] J.W. Gray III. Probabilistic interference. In Proceedings of the IEEE Symposium on Security and Privacy, pages 170 179, Oakland, California, May 1990. IEEE Computer Society Press. [12] J. Hughes. Sampling and proof: A half case study. In G. Jones and M. Sheeran, editors, Proceedings of the Workshop on Designing Correct Circuits, Workshops in Computing, pages 92 98, Oxford, England, September 1990. Springer Verlag. 13] D. McCullough. Specifications for multi level security ....

[Article contains additional citation context not shown here]

Simon N. Foley. A Universal Theory of Information Flow. In Proceedings of the IEEE Symposium on Security and Privacy, pages 116--122, Oakland, CA, April 27--29 1987.

....can be true or false for a given set of traces. In a distributed setting, these traces can be viewed as sequences of events like, e.g. communication of local processes in a distributed network. Many different approaches to this type of general information flow control have been proposed (e.g. [13, 30, 12, 22, 16, 14, 33, 25, 26]) which increased the need to unify and to compare. This has led to uniform frameworks and detailed comparisons [23, 10, 34, 18] Another line of research that is becoming increasingly popular is information flow control in a setting of a concrete programming language. The efforts in this area ....

S. N. Foley. A Universal Theory of Information Flow. In Proceedings of the IEEE Symposium on Security and Privacy, pages 116--122, Oakland, CA, April 27--29 1987.

....theorem which states that unwinding conditions imply an abstract de nition of non interference. Since the original work of Goguen and Meseguer, numerous articles have been published in which non interference among other improvements has been extended to non deterministic systems, e.g. [Sut86,Fol87,McC87,McL94,ZL97]. A possibilistic security property can be regarded as an extension of noninterference to non deterministic systems. The underlying idea is that an observer cannot deduce con dential information if the set of possible behaviours which generate a given observation is large enough. However, the ....

Simon N. Foley. A Universal Theory of Information Flow. In Proceedings of the IEEE Symposium on Security and Privacy, pages 116-122, 1987.

....When subsystems that satisfy non interference are joined together, the resulting system need not be non interfering. Non interference requires that system specifications be deterministic, otherwise covert channels can appear during refinement. A related approach is taken by [Jacob88,90] and [Foley87] who use the trace model of the 1985 version of CSP [Hoare85] to reason about security properties of a system s specification. 6.2 Other Aspects The flows considered in this paper are those that occur between variables in the programme. There are other channels of information flow. In ....

Foley (S.N.), "A Universal Theory of Information Flow", in Proceedings of the 1987 Symposium on Security and Privacy, Oakland, California, 1987, pages 116-122.

....denoted x Gamma y, takes place from an object x to another object y if y contains information about x after the execution of some program involving both objects. 2 3. 2 Information Flow Security Information flow analysis has been applied in determining information security in computer systems [6, 7, 16, 19, 18, 10, 11]. Analyzing the information flow due to the execution of some operation, we can determine whether such a flow violates a given security policy. Axiom 1 forms the basis of such analysis. In a given system, the security policy will specify which flows are legal. Any flows, other than those ....

S. N. Foley. A Universal Theory of Information Flow. In Proc. 1987 IEEE Symposium on Research in Security and Privacy, pages 116--122. IEEE Computer Society Press, April 1987.

....the low level users observe something they believe is connected with high level activity. Information is transmitted along an object when variety in the events engaged by a [high level] user can be conveyed to a [low level] user as a result of [the high level users] interaction with the object. [5] Separability is an example of a system with no possibilistic information flow. This is ensured because all high level traces must be consistent with any low level observation t low . However, Separability is too strong. Consider a low level user observing a sequence t low from a system S. The ....

Simon N. Foley. "A Universal Theory of Information Flow," Proceedings of the 1987 IEEE Symposium on Research in Security and Privacy, pages 116-121. IEEE Press. 1987.

No context found.

S. N. Foley. A universal theory of information flow. In Proceedings of the IEEE Symposium on Security and Privacy, pages 116--122, Apr. 1987.

No context found.

S. N. Foley, A Universal Theory of Information Flow, in: Proc. of the IEEE Symposium on Security and Privacy (SSP'87), IEEE Computer Society Press, 1987, pp. 116-122.

No context found.

S. N. Foley. A Universal Theory of Information Flow. In Proc. of the IEEE Symposium on Security and Privacy, pages 116-122. IEEE Comp. Soc. Press, 1987.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC