The literature on information flow security with respect to transitive policies has been concentrated largely on the case of policies with two security domains, High and Low, because of a presumption that more general policies can be reduced to this two-domain case. The details of the reduction have not been the subject of careful study, however. Many works in the literature use a reduction based on a quantification over “Low-down” partitionings of domains into those below and those not below a given domain in the information flow order. A few use “High-up” partitionings of domains into those above and those not above a given domain. Our paper argues that more general “cut” partitionings are also appropriate, and studies the relationships between the resulting multi-domain notions of security when the basic notion for the two-domain case to which we reduce is either Nondeducibility on Inputs or Generalized Noninterference. The Low-down reduction is shown to be weaker than the others, and while the High-up reduction is sometimes equivalent to the cut reduction, both it and the Low-down reduction may have an undesirable property of non-monotonicity with respect to a natural ordering on policies. These results suggest that the cut-based partitioning yields a more robust general approach for reduction to the two-domain case.
CITATION STYLE
Woizekowski, O., & Van Der Meyden, R. (2016). On reductions from multi-domain noninterference to the two-level case. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9878 LNCS, pp. 520–537). Springer Verlag. https://doi.org/10.1007/978-3-319-45744-4_26
Mendeley helps you to discover research relevant for your work.