The order-theoretical foundation for data flow security

Some theories on data flow security are based on order-theoretical concepts, most commonly on lattice concepts. This paper presents a correspondence between security concepts and partial order concepts, by which the former become an application of the latter. The formalization involves concepts of data flow, equivalence classes of entities that can access the same data, and labels. Efficient, well-known algorithms to obtain one of these from one of the others are presented. Security concepts such as secrecy (also called confidentiality), integrity and conflict can be expressed in this theory. Further, it is shown that complex tuple labels used in the literature to express security levels can be translated into equivalent set labels. A consequence is that any network's data flow or access control relationships can be defined by assigning simple set labels to the entities. Finally, it is shown how several partial orders can be combined when different data flows must coexist.