📊 Model: (InformationFlow-JPMail-no-violation)
🔗 Link to Original Paper/Article
View SourceOpen Example Model in Example Models Bundle
📝 Short Description
This model describes a mail exchange via public mail server.
🔤 Abbreviations
Policy DS: Policy DataStoreBob DS: Bob DataStoreSMTP: Simple Mail Transfer ProtocolPOP3: Post Office Protocol Version 3
📖 Extensive Description
The case is about Alice who sends a mail to Bob via a public mail server. Initially, Alice provides an email_body_and_header, which is split into header and body. The body is encrypted (encrypt) with the public key of Bob (BobPubKey). Header and encrypted body are sent via mail servers to Bob. Bob decrypts the body in the Decrypt zone and reads the mail.
🏷️ Label Description
🗂️ Data Labels:
- Level: This label denotes the zones a data flow may access. There are levels
HighandLow. - LevelBeforeEncryption: This label stores the security classification of a data flow before it is encrypted with the
declassifynode. This can beHighorLow.
🏷️ Node Labels:
- Zone: There are two
Zones:TrustandAttack. A node can be in either or none of theseZones.
⚠️ Constraint
SafetyConstraint
The fundamental requirement is that system parts or actors in the attack zone must not have access to data classified High:
SafetyConstraint: Level.High neverFlows vertex Zone.Attack
