## Reference from ESORICS proceedings

Third European Symposium on Research in Computer Security (ESORICS 94)

**Information Flow Controls vs Inference Controls: An Integrated Approach**

*F. Cuppens*, *G. Trouessin*

**Keywords :** Security model, Information flow control, Database security, Inference
control, Modal logic

**Abstract :** This paper proposes a formal method for modeling database security based on a
logical interpretation of two problems: the (internal) information flow controls
and the (external) information inference controls. Examples are developed that
illustrate the inability of "classical" security models such as non-interference
and non-deducibility to completely take into account the inference problem,
because both are too constraining: the former model leads to the existence
problem, whereas the latter one leads to the elimination problem. The causality
model, which has been developed to solve the information flow control problem by
considering that "what is known, must be permitted to be known", does not also
explicitly take into account the inference problem. But we show that it is
possible to extend causality so that inference can in fact be solved by
formalizing the security policy consistency in the following way "any information
must not be both permitted and forbidden, to be known". However, some
difficulties remain if we do not consider that a subject can perform not only
valid derivations but also plausible derivations. In particular, we show that
classical solutions to the inference problem such as use of polyinstantiated
databases are not plainly satisfactory, unless the security policy is able to
estimate how it is plausible that an abductive reasoning can occur.

(Pages 447-468)

Proceedings table of contents