Visible to the public A Cut Principle for Information Flow


We view a distributed system as a graph of active locations with unidirectional channels between them, through which they pass messages. In this context, the graph structure of a system constrains the propagation ofinformation through it.

Suppose a set of channels is a cut set between an information source and a potential sink. We prove that, if there is no disclosure from the source to the cut set, then there can be no disclosure to the sink. We introduce a new formalization of partial disclosure, called blur operators, and show that the same cut property is preserved for disclosure to within a blur operator. This cut-blur property also implies a compositional principle, which ensures limited disclosure for a class of systems that differ only beyond the cut.

Full paper is available at Slide presentation is available upon request. Please contact Katie Dey at hcss[at]cps-vo[dot]org.


Joshua D. Guttman is Senior Principal Scientist at The MITRE Corporation and Research Professor in the Computer Science department at Worcester Polytechnic Institute. He has specialized in information security, particularly application of logical techniques to information security.

He has published extensively on the design and verification of cryptographic protocols. He has also published on filtering routers, the IP security protocols, trust management, and operating system security. His work on compiler verification -- in collaboration with Swarup and Ramsdell at MITRE and Wand at Northeastern -- was the subject of a special double issue of the journal Lisp and Symbolic Computation.

Professor Guttman has presented short courses and invited lectures in varied venues, including the US National Security Agency, the British Defence Evaluation and Research Agency, and the University of Pisa.

Educated at Princeton and the University of Chicago (PhD, 1984), Guttman has chaired the IEEE Computer Security Foundations Workshop (now a symposium), the first Conference on Principles of Security and Trust, the Workshop on Issues in the Theory of Security, and the workshop on Formal Aspects of Security and Trust. He is also a founding member of IFIP WG 1.7, Theoretical Foundations of Security Analysis and Design.

Creative Commons 2.5

Other available formats:

A Cut Principle for Information Flow
Switch to experimental viewer