UC Davis

In this paper, we present a set of security requirements for critical systems, fundamental premises that those requirements would entail, and ideas for implementations that would instantiate those premises.  We discuss the overriding requirement guiding our paradigm: that "first principles" reflects the only real security strategy, where first principles are ideally provable, often measurable; and at minimum, possible to order and bound.  These principles allow us to take into account that many security policies may be even be in conflict, and as such, proofs, measures, and ordering gives an analyst (or even better, an automated system) the metrics that one needs in order to make informed decisions about how to resolve conflicts.  We demonstrate several metrics that enable this, including state replication, data slicing, collusion, and information theory.