Abstract

In this paper, we study secure information flow policies in the sense of Meadows [C. Meadows, Extending the Brewer–Nash model to a multi-level context. IEEE Computer Society Symposium on Research in Security and Privacy (1990) 95–102.] and others for aggregated datasets, collectively. We first present a method for combining different sensitivity levels over a common dataset and investigate its ramifications on information flow policies. Next, safe-flow policies are formulated in full generality using domain-theoretic tools, and systematically derived as closure operators from Scott continuous functions. Maximum safe-flow policies correspond to the top element of the lattice of the derived closure-operator collection. We then introduce a categorical framework for information flow, in which amalgamation is used to formulate and characterize information-flow policy merging. Our methods for mediating information flow policies should be of practical interest for information sharing among multiple agencies. Our formulation of safe-flow policies as closure operators from Scott continuous functions and the associated categorical formulation of safe-flow policy merging provide a sound and general theoretical foundation for the first time for this topic, setting a stage for further development in this area.
