Information Security as Strategic (In)effectivity
This work addresses the challenge of overly restrictive security models in computer science and offers a more practical approach for system designers, though it appears incremental, as it builds on classical noninterference.
The paper tackles the problem of redefining information security: security should be measured by the adversary's ability to harm the system rather than by the absence of all information leakage. It formalizes this by comparing information flows and introducing a new notion of effective information security.
Security of information flow is commonly understood as preventing any information leakage, regardless of how grave or harmless the consequences of the leakage may be. In this work, we suggest that information security is not a goal in itself, but rather a means of preventing potential attackers from compromising the correct behavior of the system. To formalize this, we first show how two information flows can be compared by looking at the adversary's ability to harm the system. Then, we propose that the information flow in a system is effectively information-secure if it does not allow for more harm than its idealized variant based on the classical notion of noninterference.
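As an added illustration, not the paper's own formalism, the following toy Python model makes the abstract's distinction concrete: two systems both violate classical noninterference, but only one lets the adversary enforce more harm than its idealized noninterfering variant. The secrets, actions, harm scoring and the worst-case "guaranteed harm" measure are assumptions of this example.

```python
from itertools import product

# Toy model (assumed here, not taken from the paper): a system maps (secret, low_input) to a
# low-observable output; the adversary picks a low input, observes, then acts; harm scores damage.
SECRETS = [(primary, loglevel) for primary in ("A", "B") for loglevel in ("info", "debug")]
LOW_INPUTS = ["probe"]
ACTIONS = ["attack_A", "attack_B"]

def harm(secret, action):
    # Damage is done only when the action hits the primary server; the log level is irrelevant.
    primary, _ = secret
    return 1 if action == f"attack_{primary}" else 0

def noninterferent(system):
    """Classical noninterference: for every low input, the output is the same for all secrets."""
    return all(len({system(s, low) for s in SECRETS}) == 1 for low in LOW_INPUTS)

def idealized(system):
    """Idealized noninterfering variant: outputs computed as if the secret were a fixed reference."""
    ref = SECRETS[0]
    return lambda s, low: system(ref, low)

def guaranteed_harm(system):
    """Harm the adversary can enforce whatever the secret is: best low input, then best
    observation-dependent response, evaluated in the worst case over secrets."""
    best = 0
    for low in LOW_INPUTS:
        observations = sorted({system(s, low) for s in SECRETS})
        # A response strategy assigns an action to each possible observation.
        for responses in product(ACTIONS, repeat=len(observations)):
            strategy = dict(zip(observations, responses))
            best = max(best, min(harm(s, strategy[system(s, low)]) for s in SECRETS))
    return best

def effectively_secure(system):
    """Effective security in this toy model: no more enforceable harm than the idealized variant."""
    return guaranteed_harm(system) <= guaranteed_harm(idealized(system))

# Constructed systems: both leak part of the secret, but only the first leak serves the adversary's goal.
def leaks_primary(secret, low_input):
    return f"served-by-{secret[0]}"

def leaks_loglevel(secret, low_input):
    return f"verbosity={secret[1]}"

if __name__ == "__main__":
    for system in (leaks_primary, leaks_loglevel):
        print(system.__name__, "noninterferent:", noninterferent(system),
              "effectively secure:", effectively_secure(system))
```

Running the block reports that neither system is noninterferent, yet only leaks_loglevel is effectively secure, because its leak does not raise the harm the adversary can guarantee.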