# [cap-talk] Formalism in computer security discussions (was: Cascade Problem)

Jed at Webstart donnelley1 at webstart.com
Wed May 24 14:53:42 EDT 2006

```
At 07:33 PM 5/23/2006, Toby Murray wrote:
>Hi cap-talk,
>
>A question for anyone more familiar with modelling security properties.
>I'm currently working through a paper "Multilevel Security and Quality
>of Protection" that looks at reasoning about multilevel secure systems
>in terms of quality of protection.

Hi Toby.  I assume this is the paper you're looking at:

http://www.cs.ucc.ie/~simon/pubs/qop2005.pdf

?  I often find it confusing to get multiple layers of filtering
about what's being said in a paper.

I read a bit of this paper.  One comment I feel compelled to make is to
ask people on this list how they feel about such mathematical formalism
in discussions of issues like multilevel security.  While I do have sufficient
mathematical background (Masters in Math that of course included
set theory and abstract algebra - mostly what they use in this paper),
I find it, well, tiring to follow through sections like the last three
paragraphs in section 5 in that paper, e.g.:

The classical Constraint Satisfaction Problem (CSP) is a Soft CSP (SCSP)
where the chosen c-semiring is: SCSP = <{false, true}, v, ^, false, true>.

While I've struggled through such formalisms many times, I have to admit
to being disappointed at never (really) finding any additional value in doing
so.  I'd be interested to hear the experience of others in this regard.
One of my first big disappointments in this area was the Bell and
LaPadula model.  When I first saw one of their papers I thought to
myself, "Oh boy, now I can really put some of this formal training
to work and use it to get a better understanding of computer security"
<where I was doing research at the time - middle 1970s>.  Sadly
I found that from my perspective the formalism simply served to
obscure what was really going on and to exclude many people from
being involved in the discussion - thereby giving the illusion of greater
substance to a model that was and is, in my opinion, fundamentally
flawed.

I'd be interested to hear the reaction of others to such formalism
when they've encountered it.  Has anyone ever had a positive experience
in this area?  Namely an experience of wading through (or perhaps being
delighted by) the formalism in such a paper and finding that it really
contributed to their understanding of the basic concepts?  In that
case I would like to read such a paper and perhaps get reenergized
in this area.  If not then perhaps people can express opinions on
why such formalisms are as common as they are.

>In the paper, they describe "The Cascade Problem" and give an example
>based on the Chinese Wall policy...

I'll have to get back to the above under separate cover.

--Jed http://www.webstart.com/jed/
```