By Topic

An algorithmic approach to verification of intransitive non-interference in security policies

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

5 Author(s)
Hadj-Alouane, N.B. ; Dept. of Appl. Comput. Sci., Manouba Univ., Tunisia ; Lafrance, S. ; Feng Lin ; Mullins, J.
more authors

In this paper, we generalize our algorithmic approach to the problem of verification of the property of intransitive non-interference (INI) using tools and concepts of discrete event systems (DES) that we first proposed in Hadj-Alouane, N., et al. (2004). The reason that we are interested in INI is that it can be used to solve several important security problems in systems and protocols. We have shown that the notion of iP-observability captures precisely the property of INI. In Hadj-Alouane, N., et al. (2004), we have developed algorithms to check iP-observability by indirectly checking P-observability. This indirect method works only for systems with at most three security levels. In this paper, we develop a direct method for checking iP-observability, which is based on an insightful observation that iP-purge is a left-congruence in terms of relations on formal languages. This directly method can be used for systems with more than three security levels. To demonstrate the application of our approach, in the full version of this paper, we propose a formal method to detect denial of service vulnerabilities in security protocols based on INI. This method is illustrated using the TCP/IP protocol.

Published in:

Decision and Control, 2004. CDC. 43rd IEEE Conference on  (Volume:1 )

Date of Conference:

14-17 Dec. 2004