A Test For Non-Disclosure In Security Level Translations

Two security domains that want to exchange information securely may need to agree on translations of Mandatory Access Control (MAC) labels of their information, if their MAC labels have a different syntax or semantics. Ir is desirable that these translations do not introduce any confidentiality violations. In this paper we present a property, the Security Level Translation Property (SLTP), which must hold if the security level translation functions satisfy MAC confidentiality. This property is in some sense the best possible non-disclosure test of the level translations in the absence of a "common domain" that gives the real relationships among the levels of the two domains.