A Lattice Model of Secure Information Flow

This paper investigates mechanisms that guarantee
secure information flow in a computer system. 
These mechanisms are examined within a mathematical framework
suitable for formulating the requirements 
of secure information flow among security classes. The
central component of the model is a lattice structure 
derived from the security classes and justified by the semantics
of information flow.  The lattice properties 
permit concise formulations of the security requirements
of different existing systems and facilitate 
the construction of mechanisms that enforce security.
 The model provides a unifying view of all systems 
that restrict information flow, enables a classification
of them according to security objectives, and 
suggests some new approaches.  It also leads to the construction
of automatic program certification mechanisms 
for verifying the secure flow of information through a program.

CACM May, 1976

Denning, D. E.

protection, security, information flow, security
class, lattice, program certification

4.35

CA760501 JB January 4, 1978  4:10 PM

2436	4	2870
2626	4	2870
2868	4	2870
2868	4	2870
2870	4	2870
2870	4	2870
2870	4	2870
2876	4	2870
3105	4	2870
3144	4	2870
953	5	2870
2377	5	2870
2632	5	2870
2870	5	2870
2870	5	2870
2870	5	2870
2945	5	2870
3128	5	2870
1947	6	2870
2150	6	2870
2376	6	2870
2436	6	2870
2597	6	2870
2704	6	2870
2865	6	2870
2866	6	2870
2870	6	2870
2870	6	2870
2912	6	2870
3082	6	2870