Scribd
Upload
56 views

Information Flow Policy

The document discusses information flow and how it relates to security models. It defines information flow as when the value of an object y allows one to deduce the value of another object x. A key security constraint is that information can only flow from a lower security level object to a higher one. The Bell-LaPadula model only allows flows where the target security level dominates the source. Strong flows directly affect values, while weak flows indirectly affect values.

Uploaded by

tryin2blucky
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
56 views

Information Flow Policy

The document discusses information flow and how it relates to security models. It defines information flow as when the value of an object y allows one to deduce the value of another object x. A key security constraint is that information can only flow from a lower security level object to a higher one. The Bell-LaPadula model only allows flows where the target security level dominates the source. Strong flows directly affect values, while weak flows indirectly affect values.

Uploaded by

tryin2blucky
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Information Flow

Information Flow Policy Any confidentiality and integrity model embodies an information flow policy There is thus the need for assurance that information flow doesn't violate the constraints of such a policy. Access control can constrain the rights of a user, but not the flow of information between subjects or objects There is thus the need for mechanisms that control the flow of information in addition to access control

Example In the Bell-LaPadula model, information can flow from one object to another if and only if the second object dominates the first Definition of Information Flow Components o Object x o Object y o Sequence of commands S Definition Information flows from object x to object y if, after the execution of the sequence of commands S, the value in object y allows one to deduce (figure out) the value in object x Notation o y x o x is called the source of the information flow o y is called the target of the information flow Security Constraints on Information Flow The Bell-LaPadula model y x is secure if and only if the security level of y dominates that of x Notations o x: security level of x o : dominate o : dominated by

y x requires that yx(or xy)

Types of Information Flow Strong information flow y x according to the definition Value of x directly/explicitly affects the value of y o y = f(x) f( ) is an arithmetic expression Weak information flow y x according to the definition Value of x indirectly/implicitly affects the value of y o If (f1(x)) then y = f2 (a) else B = f3(b) f1( ), f2( ) and f3( ) are arithmetic expressions a and b are objects. Information Flow in Programs Program statements o Assignment statement o Compound statement o Conditional statement o Iterative statement o Goto statement o Procedure call o Function call o Input/output statement Assignment Statement Statement y = f(x1, x2, , xn) Information flows o Strong information flows y x1 y x2 y xn o Weak information flows None Security requirement

lub(x1, x2, xn) y

You might also like