Skip to Main content Skip to Navigation
Conference papers

Compatibility of Safety Properties and Possibilistic Information Flow Security in MAKS

Abstract : Motivated by typical security requirements of workflow management systems, we consider the integrated verification of both safety properties (e.g. separation of duty) and information flow security predicates of the MAKS framework (e.g. modeling confidentiality requirements). Due to the refinement paradox, enforcement of safety properties might violate possibilistic information flow properties of a system. We present an approach where sufficient conditions for the compatibility of safety properties and information flow security are derived by performing an information flow analysis of a monitor enforcing the safety property and applying existing compositionality results for MAKS security predicates. These conditions then guarantee that the composition of a target system with the monitor satisfies both kinds of properties. We illustrate our approach by deriving sufficient conditions for the security-preserving enforcement of separation of duty and ordered message delivery in an asynchronous communication platform.
Document type :
Conference papers
Complete list of metadata

Cited literature [18 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, September 22, 2016 - 2:26:10 PM
Last modification on : Thursday, June 4, 2020 - 6:24:02 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Thomas Bauereiss, Dieter Hutter. Compatibility of Safety Properties and Possibilistic Information Flow Security in MAKS. 29th IFIP International Information Security Conference (SEC), Jun 2014, Marrakech, Morocco. pp.250-263, ⟨10.1007/978-3-642-55415-5_21⟩. ⟨hal-01370371⟩



Record views


Files downloads