Characterizing Intransitive Non-Interference in Security Policies with Observability

This paper introduces a new algorithmic approach to the problem of checking the property of intransitive non-interference (INI) using discrete event systems (DES) tools and concepts. INI property is widely used in formal verification of security problems in computer systems and protocols. The approach consists of two phases: First a new property called iP observability (observability based on a purge function) is introduced to capture INI. We prove that a system satisfies INI if and only if it is iP -observable. Secondly, a relation between iP observability and P -observability (observability as used in DES) is established by transforming the automaton modeling a system/protocol into an automaton where P -observability (and hence iP -observability) can be determined. This allows us to check INI by checking P -observability, which can be done efficiently. Our approach can be used for all systems/protocols with three levels, which is sufficient for most non-interference problems for cryptographic protocols and systems. We also give examples to illustrate the applications our approach to cryptographic protocols and systems.