Skip to Main content Skip to Navigation
Conference papers

Compatibility of Safety Properties and Possibilistic Information Flow Security in MAKS

Abstract : Motivated by typical security requirements of workflow management systems, we consider the integrated verification of both safety properties (e.g. separation of duty) and information flow security predicates of the MAKS framework (e.g. modeling confidentiality requirements). Due to the refinement paradox, enforcement of safety properties might violate possibilistic information flow properties of a system. We present an approach where sufficient conditions for the compatibility of safety properties and information flow security are derived by performing an information flow analysis of a monitor enforcing the safety property and applying existing compositionality results for MAKS security predicates. These conditions then guarantee that the composition of a target system with the monitor satisfies both kinds of properties. We illustrate our approach by deriving sufficient conditions for the security-preserving enforcement of separation of duty and ordered message delivery in an asynchronous communication platform.
Document type :
Conference papers
Complete list of metadata

Cited literature [18 references]  Display  Hide  Download

https://hal.inria.fr/hal-01370371
Contributor : Hal Ifip <>
Submitted on : Thursday, September 22, 2016 - 2:26:10 PM
Last modification on : Thursday, June 4, 2020 - 6:24:02 PM

File

978-3-642-55415-5_21_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Thomas Bauereiss, Dieter Hutter. Compatibility of Safety Properties and Possibilistic Information Flow Security in MAKS. 29th IFIP International Information Security Conference (SEC), Jun 2014, Marrakech, Morocco. pp.250-263, ⟨10.1007/978-3-642-55415-5_21⟩. ⟨hal-01370371⟩

Share

Metrics

Record views

410

Files downloads

377