Lattice Model CS177 2011
Information Flow
Execution of $\alpha$ causes information flow from object X to object Y if information about the value of X can be determined from the value of Y after executing $\alpha$.
Denoted: $X \rightarrow_\alpha Y$
Explicit and Implicit Flows
• $X \rightarrow Y$ is explicit whenever the operation generating the flow is independent of the value of X
• $X \rightarrow Y$ is implicit whenever there is an operation generating a flow from an arbitrary Z to Y and the operation is dependent on the value of X
Notation
X: The value stored in object X
X: The security class of X
$X \Rightarrow Y$: Information flow is allowed from class X to class Y by the information flow policy
$X \rightarrow_\alpha Y$ is secure iff $X \Rightarrow Y$
Information Flow Policy
A set of rules governing information flow among a set of objects, each of which has a unique security class that belongs to the set of security classes SC.
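An added example, not part of the original slides: a small checker that enumerates the explicit and implicit flows caused by a Python fragment and reports each flow from X to Y whose classes the policy does not allow. The two classes `low` and `high`, the `ALLOWED` relation, and the sample program and class assignment are assumptions made for illustration.

```python
import ast

# Assumed policy (not from the slides): SC = {"low", "high"}; flow from class A
# to class B is allowed exactly for the pairs listed here.
ALLOWED = {("low", "low"), ("low", "high"), ("high", "high")}

def names(node):
    """Objects (variable names) that appear in an expression or target."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}

def flows(stmts, guards=frozenset()):
    """Yield (X, Y, kind) for every flow from X to Y caused by the statements."""
    for s in stmts:
        if isinstance(s, ast.Assign):
            for target in s.targets:
                for y in sorted(names(target)):
                    # Explicit: the assignment itself copies X into Y.
                    for x in sorted(names(s.value)):
                        yield x, y, "explicit"
                    # Implicit: whether the assignment runs depends on X.
                    for x in sorted(guards):
                        yield x, y, "implicit"
        elif isinstance(s, (ast.If, ast.While)):
            inner = guards | names(s.test)
            yield from flows(s.body, inner)
            yield from flows(s.orelse, inner)

def insecure_flows(source, classes):
    """Flows whose (class of X, class of Y) pair is not in ALLOWED, deduplicated."""
    bad = [(x, y, kind) for x, y, kind in flows(ast.parse(source).body)
           if (classes[x], classes[y]) not in ALLOWED]
    return list(dict.fromkeys(bad))

# Constructed sample: class assignment and a program with one leak of each kind.
CLASSES = {"secret": "high", "vault": "high", "public": "low", "log": "low"}
PROGRAM = """
vault = public
log = secret
if secret > 0:
    public = 1
else:
    public = 0
"""

if __name__ == "__main__":
    for x, y, kind in insecure_flows(PROGRAM, CLASSES):
        print(f"{kind} flow {x} -> {y} is not allowed by the policy")
```

The branch on `secret` never copies `secret` anywhere, yet `public` reveals its sign afterwards, which is why the checker treats the guard as a source for every assignment inside the branch.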
