Toward a mathematical foundation for information flow security

Abstract

A general-purpose, probabilistic state machine model which can be used to model a large class of nondeterministic (as well as deterministic) computer systems is described. The necessary probability theory to rigorously state and prove probabilistic properties of modeled systems is developed. A definition of information flow-security making use of this formalism is given. Intuitively, information flow security is the aspect of computer security concerned with how information is permitted to flow through a computer system. It is proved that the proposed definition of information flow security implies an information-theoretic definition. Finally, the author gives a verification condition for information flow security and proves that it implies the proposed definition of information flow security.<>