Information Flow

About This Presentation

Title:

Description:

Number of Views:10

Avg rating:3.0/5.0

Slides: 20

Provided by: matt298

Learn more at: https://www.rose-hulman.edu

Category:

Tags: flow | information | proa

Transcript and Presenter's Notes

Title: Information Flow

1
Information Flow

2
Overview

3
Bell-LaPadula Model

TSR,P
TSP
TSR
SR
SP
S
4
Entropy-Based Analysis

Command sequence takes a system from state s to
state t
xs is the value of x at state s
H(a b) is the uncertainty of a given b
Def A command sequence causes a flow of
information from x to y if H(xs yt) lt H(xs
ys). If y does not exist in s, then H(xs ys)
H(xs)

5
Example Flows

6
Another Example

if (x1) then y 0 else y 1
Suppose x is equally likely to be 0 or 1,
soH(xs) 1
But, H(xs yt) 0
So, H(xs yt) lt H(xs ys) H(xs)
Thus, information flows from x to y.
Def. An implicit flow of information occurs when
information flows from x to y without an explicit
assignment of the form y f(x)

7
Requirements for Information Flow Models

Reflexivity information should flow freely among
members of a class
Transitivity If b reads something from c and
saves it, and if a reads from b, then a can read
from c
A lattice has a relation R that is reflexive and
transitive (and antisymmetric)

8
Information Flow Models

An Information flow policy I is a triple I
(SCI, ?I, joinI), where SCI is a set of security
classes, ?I is an ordering relation on the
elements of SCI, and joinI combines two elements
of SCI
Example Bell-LaPadula has security compartments
for SCI, dom for ?I and lub as joinI

9
Confinement Flow Model

10
Example Confinement Model

11
Another Example

Let a, b, and c ? O
confine(a) CONFIDENTIAL, CONFIDENTIAL
confine(b) SECRET, SECRET
confine(c) CONFIDENTIAL, TOPSECRET
Then a ? b, a ? c, b ? c, and c ? a are the legal
flows
Note that b ? c and c ? a, but information cannot
flow from b to a because bL ?I aU is false
So, transitivity fails to hold

12
Non-LatticeInformation Flow Policies

Government agency has public relation officers
(PRO), analysts (A), and spymasters (S)
4 classifications of data
public ? analysis, public ? covert
analysis ? top-level, covert ? top-level
confine(PRO) public, analysis
confine(A) analysis, top-level
confine(S) covert, top-level
PRO ? A, A ? PRO, PRO ? S, A ? S, and S ? A

13
Complier-Based Mechanisms