The Complexity of Intransitive Noninterference

Sebastian Eggert, Ron van der Meyden, Henning Schnoor, Thomas Wilke
2011 2011 IEEE Symposium on Security and Privacy  
1 The paper considers several definitions of information flow security for intransitive policies from the point of view of the complexity of verifying whether a finite-state system is secure. The results are as follows. Checking (i) P-security (Goguen and Meseguer), (ii) IPsecurity (Haigh and Young), and (iii) TA-security (van der Meyden) are all in PTIME, while checking TO-security (van der Meyden) is undecidable. The most important ingredients in the proofs of the PTIME upper bounds are new
more » ... aracterizations of the respective security notions, which also enable the algorithms to return simple counterexamples demonstrating insecurity. Our results for IPsecurity improve a previous doubly exponential bound of Hadj-Alouane et al.
doi:10.1109/sp.2011.30 dblp:conf/sp/EggertMSW11 fatcat:fdi3sivgo5hzbh7ui2wgfeoosa