Accession Number:

ADA229043

Title:

Unifying Information Flow Policies

Descriptive Note:

Corporate Author:

ROYAL SIGNALS AND RADAR ESTABLISHMENT MALVERN (UNITED KINGDOM)

Personal Author(s):

Report Date:

1990-10-01

Pagination or Media Count:

104.0

Abstract:

Confidentiality security is concerned with restricting the disclosure of information in systems. One way of achieving this is to use an information flow policy which defines the different classes of information for example, classified, secret, etc. that can exist in the system and a flow relation which describes how information may flow between these classes. System entities users, processes, files, etc. are considered to be the sources and sinks of information, and each is bound to a security class from the flow policy. This report proposes a structure for describing information flow policies that can express transitive, aggregation and separation of duty exceptions. Operators for comparing, composing and abstracting flow policies are described. These allow complex policies to be built from simpler policies. Many existing confidentiality and by using a dual model, integrity policies can be captured in this framework. A high water mark model is developed that can enforce these information flow policies. This model provides the basis for a taxonomy of existing high water mark mechanisms. EDC

Subject Categories:

  • Information Science
  • Operations Research

Distribution Statement:

APPROVED FOR PUBLIC RELEASE