Constraining how information may flow within a system is at the heart of many protection mechanisms and many security policies have direct interpretations in terms of information flow and multilevel security style controls. However, while conceptually simple, multilevel security controls have been difficult to achieve in practice. In this paper we explore how the traditional assurance measures that are used in the network multilevel security model can be re-interpreted and generalised to provide the basis of a framework for reasoning about the quality of protection provided by a secure system configuration.

Abstract The security of a network configuration is based not just on the security of its individual components and their direct interconnections, but also on the potential for systems to interoperate indirectly across network routes. Such interoperation has been shown to provide the potential for circuitous paths across a network that violate security. In this paper we propose a constraint-based framework for representing access control configurations of systems. The secure reconfiguration of a system is depicted as a constraint satisfaction problem.

Abstract not found

Abstract—In the discipline of computer security, the field of Trust Management Design is dedicated to the design of trusted systems, in particular trusted networks. One common trusted mechanism used these days is the Multi-Level Security (MLS) mechanism, that allows simultaneous access to systems by users with different levels of security clearance in an interconnected network. Vulnerability arises when an intruder takes advantage of the network connectivity and creates an inappropriate flow of information across the network, leading to the so-called Cascade Vulnerability Problem (CVP). In this article, we extend an existent approach to this problem proposed by Bistarelli et al. [1] that models, detects and properly eliminates the CVP in a network. This particular approach expresses a solution of the problem using Constraint Programming. We incorporate real-world criteria to consider into this approach, such as the bandwidth, electricity, cost of connections. Considering such features in CVP results in generating a constraint optimization problem.

Abstract. The semiring-based formalism to model soft constraint has been introduced in 1995 by Ugo Montanari and the authors of this paper. The idea was to make constraint programming more flexible and widely applicable. We also wanted to define the extension via a general formalism, so that all its instances could inherit its properties and be easily compared. Since then, much work has been done to study, extend, and apply this formalism. This papers gives a brief summary of some of these research activities. 1 Before soft constraints: a brief introduction to constraint programming