The author further delineates and improves the evidence that nondeducibility on strategies is a respectable candidate for a definition of security against information compromise, at least for the class of systems that can be modeled as synchronized state machines. First, the author confirms the thesis of J.T. Wittbold and D.M. Johnson (1990) that nondeducibility on strategies is stronger than the notion of nondeducibility on inputs, defined by D. Sutherland (1986), which is generally viewed as a minimum requirement for security. Second, it is shown that nondeducibility on strategies is preserved when two machines that are secure by this definition are hooked up arbitrarily, even when loops are created by the interconnection. In order to make these more general hookups possible, it is necessary to generalize the definition of a synchronized state machine.
展开▼