TY - GEN
T1 - Brewer-Nash scrutinised
T2 - 37th IEEE Computer Security Foundations Symposium, CSF 2024
AU - Capozucca, Alfredo
AU - Cristia, Maximiliano
AU - Horne, Ross
AU - Katz, Ricardo
PY - 2024/9/20
Y1 - 2024/9/20
N2 - This paper revisits the Brewer-Nash security policy model inspired by ethical Chinese Wall policies. We draw attention to the fact that write access can be revoked in the Brewer-Nash model. The semantics of write access were underspecified originally, leading to multiple interpretations for which we provide a modern operational semantics. We go on to modernise the analysis of information flow in the Brewer-Nash model, by adopting a more precise definition adapted from Kessler. For our modernised reformulation, we provide full mechanised coverage for all theorems proposed by Brewer & Nash. Most theorems are established automatically using the tool log with the exception of a theorem regarding information flow, which combines a lemma in log with a theorem mechanised in Coq. Having covered all theorems originally posed by Brewer-Nash, achieving modern precision and mechanisation, we propose this work as a step towards a methodology for automated checking of more complex security policy models.
AB - This paper revisits the Brewer-Nash security policy model inspired by ethical Chinese Wall policies. We draw attention to the fact that write access can be revoked in the Brewer-Nash model. The semantics of write access were underspecified originally, leading to multiple interpretations for which we provide a modern operational semantics. We go on to modernise the analysis of information flow in the Brewer-Nash model, by adopting a more precise definition adapted from Kessler. For our modernised reformulation, we provide full mechanised coverage for all theorems proposed by Brewer & Nash. Most theorems are established automatically using the tool log with the exception of a theorem regarding information flow, which combines a lemma in log with a theorem mechanised in Coq. Having covered all theorems originally posed by Brewer-Nash, achieving modern precision and mechanisation, we propose this work as a step towards a methodology for automated checking of more complex security policy models.
KW - security policies
KW - information flow
KW - confidentiality
KW - revocation
KW - set theory
KW - automated verification
UR - http://www.scopus.com/inward/record.url?scp=85205946373&partnerID=8YFLogxK
UR - https://arxiv.org/pdf/2405.12187
U2 - 10.1109/CSF61375.2024.00042
DO - 10.1109/CSF61375.2024.00042
M3 - Conference contribution book
T3 - 2024 IEEE 37th Computer Security Foundations Symposium (CSF)
SP - 112
EP - 126
BT - 2024 IEEE 37th Computer Security Foundations Symposium (CSF)
CY - Los Alamitos, CA, USA
Y2 - 8 July 2024 through 12 July 2024
ER -