A lattice model of secure information flow

Author:
Dorothy E. Denning

Purdue Univ., West Lafayette, IN

Purdue Univ., West Lafayette, IN
View Profile

Authors Info & Claims

Communications of the ACM Volume 19 Issue 5May 1976pp 236–243https://doi.org/10.1145/360051.360056

Published:01 May 1976Publication History

Communications of the ACM

Abstract

This paper investigates mechanisms that guarantee secure information flow in a computer system. These mechanisms are examined within a mathematical framework suitable for formulating the requirements of secure information flow among security classes. The central component of the model is a lattice structure derived from the security classes and justified by the semantics of information flow. The lattice properties permit concise formulations of the security requirements of different existing systems and facilitate the construction of mechanisms that enforce security. The model provides a unifying view of all systems that restrict information flow, enables a classification of them according to security objectives, and suggests some new approaches. It also leads to the construction of automatic program certification mechanisms for verifying the secure flow of information through a program.

References

1 Andrews, G.R. COPS-a protection mechanism for computer systems. Ph.D. Th., U. of Washington, July 1974. Google ScholarDigital Library
2 Bell, D.E., and LaPadula, L.J. Secure computer systems: mathematical foundations and model. M74-244, The MITRE Corp., Bedford, Mass., May 1973.Google Scholar
3 Birkhoff, G. Lattice Theory. Amer. Math. Soc. Col. Pub., XXV, 3rd. ed., 1967.Google Scholar
4 Denning, D.E. Secure information flow in computer systems. Ph.D. Th., Purdue U., CSD TR 145, May 1975. Google ScholarDigital Library
5 Denning, D.E., Denning, P.J., and Graham, G.S. Selectively confined subsystems. Proc. International Workshop on Protection in Operating Systems. IRIA, Aug. 1974, pp. 55-61.Google Scholar
6 Fenton, J.S. Information protection systems. Ph.D. Th., U. of Cambridge, 1973.Google Scholar
7 Fenton, J.S. Memoryless subsystems. Computer J. 17, 2 (May 1974), 143-147.Google ScholarCross Ref
8 Fenton, J.S. An abstract computer model demonstrating directional information flow. U. of Cambridge, 1974.Google Scholar
9 Gaines, R.S. An operating system based on the concept of a supervisory computer. Comm. ACM 15, 3 (March 1972), 150-156. Google ScholarDigital Library
10 Gat, I., and Saal, H.J. Memoryless execution: a programmer's viewpoint. IBM Tech. Rep. 025, IBM Israeli Scientific Center, March 1975.Google Scholar
11 Graham, G.S., and Denning, P.J. Protection-principles and practice. AFIPS Conf. Proc., Vol. 40, 1972 SJCC, AFIPS Press, Montvale, N.J., pp. 417-429.Google Scholar
12 Harrison, M.A., Ruzzo, W.L., and Ullman, J.D. On protection in operating systems. Proc. Fifth Symposium on Operating Systems Principles, The University of Texas at Austin, Nov. 1975, pp. 14-24. Google ScholarDigital Library
13 Jones, A.K. Protection in programmed systems. Ph.D. Th., Carnegie-Mellon U., June 1973. Google ScholarDigital Library
14 Jones, A.K., and Lipton, R.J. The enforcement of security policies for computation. Proc. Fifth Symposium on Operating Systems Principles, The University of Texas at Austin, Nov. 1975, pp. 197-206. Google ScholarDigital Library
15 Lampson, B.W. Protection. Proc. Fifth Princeton Symposium on Information Sciences and Systems, Princeton U., March 1971, pp. 437-443.Google Scholar
16 Lampson, B.W. A note on the confinement problem. Comm. ACM 16, 10 (Oct. 1973), 613-615. Google ScholarDigital Library
17 Minsky, M.L. Computation; Finite and Infinite Machines. Prentice-HaU, Engiewood Cliffs, N.J., 1967. Google ScholarDigital Library
18 Organick, E.I. The MULTICS System: An Examination of its Structure, MIT Press, 1972. Google ScholarDigital Library
19 Rotenberg, L.J. Making computers keep secrets. Ph.D. Th., MIT, MAC TR-115, Feb. 1974.Google Scholar
20 Schroeder, M.D., and Saltzer, J.H. A hardware architecture for implementing protection rings, Comm. ACM 15, 3 (March 1972), 157-170. Google ScholarDigital Library
21 Stone, H.S. Discrete Mathematical Structures and their Applications. SRI, Chicago 1973.Google Scholar
22 Walter, K.G., et al. Modeling the security interface. Rep. No. 1158, Jennings Computing Center, Case Western Reserve U., Aug. 1974.Google Scholar
23 Weissman, C. Security controls in the ADEPT-50 time-sharing system. AFIPS Conf. Proc., Vol. 35, 1969 FJCC, AFIPS Press, Montvale, N.J., pp. 417-429.Google ScholarDigital Library
24 Wulf, W., et al. HYDRA: The kernel of a multi-processor system. Comm. ACM 17, 6 (June 1974), 337-345. Google ScholarDigital Library

Index Terms

A lattice model of secure information flow
1. Security and privacy
  1. Systems security
    1. Operating systems security

Index terms have been assigned to the content through auto-classification.

Recommendations

Certification of programs for secure information flow

ertification mechanism for verifying the secure flow of information through a program. Because it exploits the properties of a lattice structure among security classes, the procedure is sufficiently simple that it can easily be included in the analysis ...
Read More
A Security Model Based on Lattice
ICECE '10: Proceedings of the 2010 International Conference on Electrical and Control Engineering

In order to protect confidentiality and integrity of information in the computer information systems, in general, we need to follow some security polices to access and handle information. The BLP model only to resolve the confidentiality problem, and ...
Read More
An Application of the (max, +) Algebra to Information Flow Security
ICN '08: Proceedings of the Seventh International Conference on Networking

Confidentiality is one of the most important topics in computer security research. In order to check and ensure confidentiality information flow models are widely used. These models support the specification of valid flows of information. Furthermore, ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
Communications of the ACM Volume 19, Issue 5
May 1976
83 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/360051
Editor:
Robert L. Ashenhurst
Univ. of Chicago, Chicago, IL
Issue’s Table of Contents
Copyright © 1976 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 1 May 1976
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
information flow
lattice
program certification
protection
security
security class
Qualifiers
- article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 1,407
  Total Citations
  View Citations
- 7,527
  Total Downloads
- Downloads (Last 12 months)582
- Downloads (Last 6 weeks)76
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

A lattice model of secure information flow

Communications of the ACM

Abstract

References

Cited By

Index Terms

Recommendations

Certification of programs for secure information flow

A Security Model Based on Lattice

An Application of the (max, +) Algebra to Information Flow Security