Possibilistic Definitions of Security - An Assembly Kit

Heiko Mantel

We present a framework in which different notions of security can be defined in a uniform and modular way. Each definition of security is formalized as a security predicate by assembling more primitive basic security predicates. A collection of such basic security predicates is defined and we demonstrate how well-known concepts like generalized non-interference or separability can be constructed from them. The framework is open and can be extended with new basic security predicates using a general schema. We investigate the compatibility of the assembled definitions with system properties apart from security and propose a new definition of security which does not restrict non-critical information flow. It turns out that the modularity of our framework simplifies these investigations. Finally, we discuss the stepwise development of secure systems.

