Assumptions and Guarantees for Compositional Noninterference

The idea of building secure systems by plugging together "Secure" components is appealing, but this requires a definition of security which, in addition to taking care of top-level security goals, is strengthened appropriately in order to be compositional. This approach has been previously studied for information-flow security of shared-variable concurrent programs, but the price for compositionality is very high: a thread must be extremely pessimistic about what an environment might do with shared resources. This pessimism leads to many intuitively secure threads being labelled as insecure.

Provided by: Institute of Electrical & Electronic Engineers Topic: Security Date Added: Jun 2011 Format: PDF

Find By Topic