Multilevel Security and Quality of Protection

  • Conference paper

Part of the book series: Advances in Information Security (ADIS, volume 23)

Abstract

Constraining how information may flow within a system is at the heart of many protection mechanisms and many security policies have direct interpretations in terms of information flow and multilevel security style controls. However, while conceptually simple, multilevel security controls have been difficult to achieve in practice. In this paper we explore how the traditional assurance measures that are used in the network multilevel security model can be re-interpreted and generalised to provide the basis of a framework for reasoning about the quality of protection provided by a secure system configuration.

Copyright information

© 2006 Springer Science+Business Media, LLC.

About this paper

Cite this paper

Foley, S.N., Bistarelli, S., O’Sullivan, B., Herbert, J., Swart, G. (2006). Multilevel Security and Quality of Protection. In: Gollmann, D., Massacci, F., Yautsiukhin, A. (eds) Quality of Protection. Advances in Information Security, vol 23. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-36584-8_8

  • DOI: https://doi.org/10.1007/978-0-387-36584-8_8

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-29016-4

  • Online ISBN: 978-0-387-36584-8

  • eBook Packages: Computer Science, Computer Science (R0)
