This paper deals with architectural designs that specify components of a system and the permitted flows of information between them. In the process of systems development, one might refine such a design by viewing a component as being composed of subcomponents, and specifying permitted flows of information between these subcomponents and others in the design. The paper studies the soundness of such refinements with respect to a spectrum of different semantics for information flow policies. These include Goguen and Meseguer's purge-based definition, Haigh and Young's intransitive purge-based definition, and some more recent notions TA-security, TO-security and ITO-security defined by van der Meyden. It is also shown that refinement preserves weak access control structure, an implementation mechanism that ensures TA-security.
展开▼
机译:本文涉及体系结构设计,这些体系结构设计指定了系统的组成部分以及它们之间允许的信息流。在系统开发过程中,可以通过将组件视为由子组件组成,并指定这些子组件与设计中的其他组件之间允许的信息流来改进这种设计。本文针对信息流策略的一系列不同语义研究了这种改进的合理性。这些包括Goguen和Meseguer的基于清除的定义,Haigh and Young的不及物的基于清除的定义,以及van der Meyden定义的一些较新的概念TA安全,TO安全和ITO安全。还显示出细化保留了弱的访问控制结构,这是一种确保TA安全的实现机制。
展开▼
