Title :
A model for secure information flow
Author_Institution :
Dept. of Comput. Sci., Univ. Coll., Cork, Ireland
Abstract :
A model that characterizes systems that restrict information flow is proposed. The model, called the confinement model, provides greater flexibility in the binding of entities to their security classes than the current static case. A consequence of the nature of security class binding in the confinement model is its ability to enforce nontransitive information-flow policies. A framework of information-flow policies is defined which forms a distributive lattice under operations for policy ordering and combination. It is shown that a state-based MAC (mandatory access) version of the confinement model is the same as a traditional Bell and LaPadula MAC model, except that the confinement model includes a special rule on dynamic class change
Keywords :
programming theory; security of data; MAC model; confinement model; dynamic class change; entities; information-flow policies; policy ordering; secure information flow; security classes; state-based MAC; Computer science; Data security; Educational institutions; Information security; Lattices; Upper bound;
Conference_Titel :
Security and Privacy, 1989. Proceedings., 1989 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-1939-2
DOI :
10.1109/SECPRI.1989.36299
