Theft of Information and Conspiracy in the Take-Grant Protection Model
Matt Bishop - U.C. Davis
Apr 24, 1998
AbstractQuestions of information flow are in many ways more important than questions of access control, because the goal of many security policies is to thwart the unauthorized release of information, not merely the illicit obtaining of access rights to that information. The Take-Grant Protection Model is an excellent theoretical tool for examining such issues because conditions necessary and sufficient for information to flow between two objects, and for rights to objects to be obtained or stolen, are known.
In this talk, we examine the question of information flow from an object the owner of which is unwilling to release that information, and show necessary and sufficient conditions for the transfer to occur. To emphasize the usefulness of these results, the security policies of complete isolation, transfer of rights with the cooperation of an owner, and transfer of information (but not rights) with the cooperation of the owner are presented; the last is used to model a subject guarding a resource. Next, we analyze the problem of sharing information in the context of paths along which information can flow, and presents the number of actors necessary and sufficient to share information, in this model. The results are applied to information flow in a network to reduce the size of the set of actors who could have participated in the theft.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.