Possibilistic definitions of security-an assembly kit

Abstract

We present a framework in which different notions of security can be defined in a uniform and modular way. Each definition of security is formalized as a security predicate by assembling more primitive basic security predicates. A collection of such basic security predicates is defined and we demonstrate how well-known concepts like generalized non-interference or separability can be constructed from them. The framework is open and can be extended with new basic security predicates using a general schema. We investigate the compatibility of the assembled definitions with system properties apart from security and propose a new definition of security which does not restrict non-critical information flow. It turns out that the modularity of our framework simplifies these investigation. Finally, we discuss the stepwise development of secure systems.