On the Verification of Intransitive Noninterference in Multilevel Security

N. BenHadj-Alouane, S. Lafrance, F. Lin, J. Mullins, M.M. Yeddes
2005, IEEE Transactions on Systems, Man and Cybernetics, Part B (Cybernetics)
We propose an algorithmic approach to the problem of verifying the property of intransitive noninterference (INI), using tools and concepts of discrete event systems (DES). INI can be used to characterize and solve several important security problems in multilevel security systems. In previous work, we established the notion of -observability, which precisely captures the property of INI. We also developed an algorithm for checking -observability by indirectly checking ...bility for systems with at most three security levels. In this paper, we generalize the results to systems with any finite number of security levels by developing a direct method for checking -observability, based on the insightful observation that the function is a left congruence in terms of relations on formal languages. To demonstrate the applicability of our approach, we propose a formal method, based on INI, for detecting denial of service vulnerabilities in security protocols. This method is illustrated using the TCP/IP protocol. The work extends the theory of supervisory control of DES to a new application domain.

Index Terms: Denial of service, formal verification, information flow, interference, intransitive noninterference (INI), observability, purge, security policies.

I. INTRODUCTION

THE THEORY of supervisory control of discrete event systems (DES) was introduced over twenty years ago [13], [10]. Since then, the properties of controllability [13] and observability [10] have been used as tools to characterize and solve many problems in diverse application domains. In this paper, we generalize the notion of observability of DES in order to characterize and solve some open problems in the field of security of computer systems and protocols and, hence, extend the application domains of the theory of supervisory control of DES.

Author biographies (fragments):

... and the Swedish Institute in Computer Science (SICS), Kista, Sweden. His research interests include applications of mathematical logic to the analysis of concurrency and security: models and calculi for concurrent systems (including object-oriented and mobile systems) and security systems (e.g., security controllers and security protocols), modal and temporal logics with fixed points, and applications to system verification and description.

... His current research interests focus on the modeling and control of hybrid and timed discrete-event systems using Petri nets and automata. Recently, he has become concerned with the applications of discrete-event systems tools to the area of security.
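As an added illustration of the property the abstract is about (this is not the paper's own construction, nor its observability-based DES algorithm), the Python below encodes Rushby's intransitive purge and checks the noninterference condition directly by bounded trace exploration on a constructed three-level toy system: a high domain H, a downgrader D and a low domain L under the intransitive policy H ~> D ~> L. The action names, the policy, the state machine and the "leaky" variant are assumptions chosen for the example.

```python
from functools import reduce
from itertools import product

# Constructed toy system (not from the paper): domains H (high), D (downgrader), L (low),
# policy H ~> D ~> L with no direct H ~> L edge, i.e. an intransitive policy.
DOM = {"h_write": "H", "d_declass": "D", "l_read": "L"}               # dom(action)
FLOWS = {("H", "D"), ("D", "L"), ("H", "H"), ("D", "D"), ("L", "L")}  # a ~> b pairs
INIT = (0, 0)                                                         # (high_value, low_buffer)

def sources(alpha, u, dom=DOM, flows=FLOWS):
    """Domains whose actions in alpha may legitimately reach u (Rushby's sources)."""
    srcs = {u}
    for a in reversed(alpha):            # sources(a.beta, u) extends sources(beta, u)
        if any((dom[a], v) in flows for v in srcs):
            srcs.add(dom[a])
    return srcs

def ipurge(alpha, u, dom=DOM, flows=FLOWS):
    """Intransitive purge: drop each action whose domain is not a source for u."""
    if not alpha:
        return ()
    rest = ipurge(alpha[1:], u, dom, flows)
    return (alpha[0],) + rest if dom[alpha[0]] in sources(alpha, u, dom, flows) else rest

def step_secure(s, a):
    hv, lb = s
    if a == "h_write":
        return (1, lb)
    if a == "d_declass":
        return (hv, hv)                  # the only sanctioned path from H to L
    return s                             # l_read leaves the state unchanged

def step_leaky(s, a):
    if a == "l_read":
        return (s[0], s[0])              # defect: L copies the high value directly
    return step_secure(s, a)

def output(s, u):
    return s[1] if u == "L" else s[0]    # L sees only the buffer; H and D see the high value

def check_ini(step, depth, dom=DOM, flows=FLOWS, init=INIT):
    """Bounded INI check: first (alpha, u, ipurge(alpha, u)) whose outputs for u differ, or None."""
    run = lambda alpha: reduce(step, alpha, init)
    for n in range(depth + 1):
        for alpha in product(dom, repeat=n):
            for u in sorted(set(dom.values())):
                purged = ipurge(alpha, u, dom, flows)
                if output(run(alpha), u) != output(run(purged), u):
                    return alpha, u, purged
    return None
```

`check_ini(step_secure, 4)` returns `None`, while `check_ini(step_leaky, 4)` reports the trace `h_write, l_read` for domain L: L's view changed although the purge removed `h_write`, because no downgrade sanctioned that flow.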
doi:10.1109/tsmcb.2005.847749 pmid:16240770 fatcat:lo7nke3qzrg33blorte43bql6a