Technical report | A Formal Integrity Framework with Application to a Secure Information ATM (SIATM)
Abstract
Information Security is traditionally treated in three main categories: Confidentiality, Integrity, and Availability. While much work has been done on modelling Confidentiality and Availability, aspects involving comprehensive modelling and quality of data integrity in complex systems appear to be, on a relative scale, much less well understood and implemented. Further, most work on Integrity and resultant implementations seems to have focussed more on matters related to source authentication and transmission assurance. However, the quality of data aspect is becoming more critical for attention, given the increasing levels of automation of information fusion and data transformation in a globalised Cyberspace. In this paper, we survey the existing integrity models and identify shortcomings of these with regard to a general integrity framework encompassing the quality of data aspect. We then propose and formally model a new framework, illustrating the approach with reference to use cases built around the Secure Information ATM (SIATM), a highly accreditable security system currently under development.
Executive Summary
Information Security is traditionally treated in three main categories: Confidentiality, Integrity, and Availability. While much work has been done on modelling Confidentiality and Availability, aspects involving comprehensive modelling and quality of data integrity in complex systems appear to be, on a relative scale, much less well understood and implemented. Further, most work on Integrity and resultant implementations seems to have focussed more on matters related to source authentication and transmission assurance. However, the quality of data aspect is becoming more critical for attention, given the increasing levels of automation of information fusion and data transformation in a globalised Cyberspace. Without a comprehensive ability to measure integrity systematically, consistently, and within its correct context, military systems may struggle to take full advantage of emerging trends.
Two primary and distinct models have previously been proposed as a foundation for systems to manage and reason about data quality integrity as a part of the information security equation: the Biba Integrity Model and the Clark-Wilson Integrity Model. In this paper, we first review the Biba and Clark-Wilson integrity models, highlighting the key attributes, limitations and later extensions to the models. The balance of the paper identifies research challenges in addressing integrity and, critically, proposes a new model that captures and supports a broader range of integrity dimensions. Finally, we briefly discuss a use case for the model involving an actual implementation of a security device (Secure Information ATM or SIATM) which is to undergo test deployment in several military systems.
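To make the two classical models named above concrete, the following is an added illustration (not code from the report or from the SIATM project) of how a reference monitor enforces each one. It encodes the two rules of Biba's strict integrity policy (a subject may read an object only at its own integrity level or higher, and may write an object only at its own level or lower) and the Clark-Wilson discipline of access triples, certified transformation procedures (TPs) and integrity verification procedures (IVPs) over constrained data items (CDIs). The subject names, integrity levels, ledger data, TPs and IVP are constructed for the example; the rules themselves are those published for the two models.

```python
"""Added example: minimal reference monitors for the Biba and Clark-Wilson
integrity models. All subjects, objects, levels and data are constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple


@dataclass
class BibaMonitor:
    """Biba strict integrity: higher number = higher integrity level."""
    subjects: Dict[str, int]   # constructed subject -> integrity level
    objects: Dict[str, int]    # constructed object  -> integrity level

    def can_read(self, subject: str, obj: str) -> bool:
        # Simple integrity ("no read down"): object must be at least as
        # trustworthy as the reader, so low-integrity data cannot taint it.
        return self.objects[obj] >= self.subjects[subject]

    def can_write(self, subject: str, obj: str) -> bool:
        # *-integrity ("no write up"): a subject may not write into data
        # that is more trustworthy than itself.
        return self.subjects[subject] >= self.objects[obj]


@dataclass
class ClarkWilsonMonitor:
    """Clark-Wilson: CDIs change only via certified TPs named in an access
    triple (user, TP, CDI); after each TP the CDI's IVP must still hold."""
    cdis: Dict[str, object]
    tps: Dict[str, Callable[[object], object]]   # TP: old CDI -> new CDI
    ivps: Dict[str, Callable[[object], bool]]    # IVP: CDI -> valid?
    triples: Set[Tuple[str, str, str]]
    log: List[Tuple[str, str, str, str]] = field(default_factory=list)

    def run(self, user: str, tp_name: str, cdi_name: str) -> bool:
        if (user, tp_name, cdi_name) not in self.triples:
            self.log.append(("denied", user, tp_name, cdi_name))
            return False
        candidate = self.tps[tp_name](self.cdis[cdi_name])
        if not self.ivps[cdi_name](candidate):
            # TP left the CDI in an invalid state: do not commit it.
            self.log.append(("rejected", user, tp_name, cdi_name))
            return False
        self.cdis[cdi_name] = candidate
        self.log.append(("ok", user, tp_name, cdi_name))
        return True


def biba_demo() -> Dict[str, bool]:
    # Constructed levels: 0 = untrusted, 1 = operator, 2 = system.
    mon = BibaMonitor(subjects={"operator": 1},
                      objects={"system_config": 2, "scratch_note": 0})
    return {
        "read_config": mon.can_read("operator", "system_config"),   # True
        "read_scratch": mon.can_read("operator", "scratch_note"),   # False
        "write_config": mon.can_write("operator", "system_config"), # False
        "write_scratch": mon.can_write("operator", "scratch_note"), # True
    }


def clark_wilson_demo() -> Tuple[List[bool], int]:
    # Constructed CDI: a ledger balance that the IVP requires to be >= 0.
    mon = ClarkWilsonMonitor(
        cdis={"ledger": 100},
        tps={"deposit_10": lambda v: v + 10, "drain": lambda v: v - 500},
        ivps={"ledger": lambda v: v >= 0},
        triples={("alice", "deposit_10", "ledger"),
                 ("alice", "drain", "ledger")},
    )
    results = [
        mon.run("alice", "deposit_10", "ledger"),  # allowed, IVP holds
        mon.run("bob", "deposit_10", "ledger"),    # no access triple
        mon.run("alice", "drain", "ledger"),       # triple ok, IVP fails
    ]
    return results, mon.cdis["ledger"]


if __name__ == "__main__":
    print(biba_demo())
    print(clark_wilson_demo())
```

The point the two monitors make side by side is the one the report draws out: Biba decides purely on levels attached to subjects and objects, whereas Clark-Wilson decides on who may run which certified procedure on which data and then checks the data itself afterwards, which is closer to a quality-of-data notion of integrity.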