{"title":"Assessment of Multilevel Intransitive Noninterference by Nonblocking Analysis","authors":"Wenjing Zhong;Jinjing Zhao;Hesuan Hu","doi":"10.1109/TAC.2024.3484609","DOIUrl":null,"url":null,"abstract":"Security of system behavior is a kind of information flow security, which is achieved by confusing the intruders via the indistinguishability of system behaviors. Noninterference is a typical notion to describe information flow security, for which multilevel intransitive noninterference (MINI) is an advanced variant. Since there is a lack of rigorous approach to assessing MINI, this article achieves so via observability theory. For systems modeled by labeled Petri nets (LPNs), two MINI properties, i.e., positive MINI (PMINI) and bipolar MINI (BMINI), are considered. First, a necessary and sufficient condition for their assessment is established via language equivalence. Language equivalence analyses for PMINI and BMINI are based on the existing trace equivalence and the proposed INI bisimulation, respectively. INI bisimulation is more comprehensive to describe negative noninterference than bisimulation. Second, another necessary and sufficient condition is established after the transformation of MINI assessment problem to nonblocking analysis problem. The core of such a problem transformation is the stepwise construction of nonblocking analyzer. This stepwise construction allows MINI assessment to proceed online before terminating at an appropriate time. In addition, this stepwise construction fully employs the concurrency of LPNs so that MINI can be assessed in a multithreaded way. 
Both online and multithreaded MINI assessments can improve assessment efficiency.","PeriodicalId":13201,"journal":{"name":"IEEE Transactions on Automatic Control","volume":"70 5","pages":"2902-2917"},"PeriodicalIF":7.0000,"publicationDate":"2024-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Automatic Control","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10726685/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"AUTOMATION & CONTROL SYSTEMS","Score":null,"Total":0}
Citations: 0
Abstract
Security of system behavior is a kind of information flow security, achieved by confusing intruders through the indistinguishability of system behaviors. Noninterference is a typical notion for describing information flow security, and multilevel intransitive noninterference (MINI) is an advanced variant of it. Since a rigorous approach to assessing MINI is lacking, this article provides one via observability theory. For systems modeled by labeled Petri nets (LPNs), two MINI properties, i.e., positive MINI (PMINI) and bipolar MINI (BMINI), are considered. First, a necessary and sufficient condition for their assessment is established via language equivalence. The language equivalence analyses for PMINI and BMINI are based on the existing trace equivalence and the proposed INI bisimulation, respectively. INI bisimulation describes negative noninterference more comprehensively than bisimulation does. Second, another necessary and sufficient condition is established by transforming the MINI assessment problem into a nonblocking analysis problem. The core of this transformation is the stepwise construction of a nonblocking analyzer. This stepwise construction allows MINI assessment to proceed online before terminating at an appropriate time. In addition, the stepwise construction fully exploits the concurrency of LPNs, so that MINI can be assessed in a multithreaded way. Both online and multithreaded MINI assessment can improve assessment efficiency.
About the journal:
In the IEEE Transactions on Automatic Control, the IEEE Control Systems Society publishes high-quality papers on the theory, design, and applications of control engineering. Two types of contributions are regularly considered:
1) Papers: Presentation of significant research, development, or application of control concepts.
2) Technical Notes and Correspondence: Brief technical notes, comments on published areas or established control topics, corrections to papers and notes published in the Transactions.
In addition, special papers (tutorials, surveys, and perspectives on the theory and applications of control systems topics) are solicited.