English

On Reductions from Multi-Domain Noninterference to the Two-Level Case

Cryptography and Security 2016-07-12 v2

Abstract

The literature on information flow security with respect to transitive policies has been concentrated largely on the case of policies with two security domains, High and Low, because of a presumption that more general policies can be reduced to this two-domain case. The details of the reduction have not been the subject of careful study, however. Many works in the literature use a reduction based on a quantification over "Low-down" partitionings of domains into those below and those not below a given domain in the information flow order. A few use "High-up" partitionings of domains into those above and those not above a given domain. Our paper argues that more general "cut" partitionings are also appropriate, and studies the relationships between the resulting multi-domain notions of security when the basic notion for the two-domain case to which we reduce is either Nondeducibility on Inputs or Generalized Noninterference. The Low-down reduction is shown to be weaker than the others, and while the High-up reduction is sometimes equivalent to the cut reduction, both it and the Low-down reduction may have an undesirable property of non-monotonicity with respect to a natural ordering on policies. These results suggest that the cut-based partitioning yields a more robust general approach for reduction to the two-domain case.

Keywords

Cite

@article{arxiv.1605.00474,
  title  = {On Reductions from Multi-Domain Noninterference to the Two-Level Case},
  author = {Oliver Woizekowski and Ron van der Meyden},
  journal= {arXiv preprint arXiv:1605.00474},
  year   = {2016}
}

Comments

changed title, abstract; reordered introduction; added some clarifying figures; merged two main results into one

R2 v1 2026-06-22T13:46:33.202Z