Affiliation:
1. School of Computer Science and Engineering, The University of New South Wales, Sydney, Australia
Abstract
Abstract
This paper deals with architectural designs that specify components of a system and the permitted flows of information between them. In the process of systems development, one might refine such a design by viewing a component as being composed of subcomponents, and specifying permitted flows of information between these subcomponents and others in the design. The paper studies the soundness of such refinements with respect to a spectrum of different semantics for information flow policies, including Goguen and Meseguer’s purge-based definition, Haigh and Young’s intransitive purge-based definition, and some more recent notions TA-security, TO-security and ITO-security defined by van der Meyden. It is shown that all these definitions support the soundness of architectural refinement, for both a state- and an action-observed model of systems. A notion of systems refinement in which the information content of observations is reduced is also studied. It is also shown that refinement preserves weak access control structure, an implementation mechanism that ensures TA-security.
Publisher
Association for Computing Machinery (ACM)
Subject
Theoretical Computer Science,Software
Cited by
2 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Using Architecture to Reason about Information Security;ACM Transactions on Information and System Security;2015-12-09
2. A Cut Principle for Information Flow;2015 IEEE 28th Computer Security Foundations Symposium;2015-07