Tranquility Property (Dictionary Entry)
Tranquility Property
Alternative Forms
Tranquility
Definitions
Definition 1
Tranquility is a property that influences the security of systems.
Once a system state is demonstrated as statically secure, a difficulty is to further demonstrate that it is dynamically secure. Put differently, to demonstrate that given an initial secure state, subsequent state transitions always lead to a secure system. The tranquility property captures if and how modifications in the security clearance level of subjects (e.g. people) and the security classification level of objects may take place in the system. It distinguishes three possible tranquility levels:
Strong tranquility: This is a secure tranquility level where security clearance levels and security classification levels are first initialized and then cannot be modified during the overall lifecycle of the system. This tranquility level imposes stringent constraints on the system.
Weak tranquility: This is a secure tranquility level where security clearance levels and security classification levels are first initialized and then may be modified following a procedure that assures the legitimacy / authority of the person ordering the change, and the security of the system throughout the transition to the new state. This tranquility level imposes less stringent constraints on the system.
No tranquility: This is an insecure tranquility level where security clearance levels and security classification levels may be modified without the secure procedure required in weak tranquility. This tranquility level imposes no additional constraints on the system.
Note 1
If not specified otherwise, the tranquility property refers to both security clearance levels and security classification levels. But the concept may be applied to only security clearance levels or security classification levels, in which case it is recommended to express it explicitly.
Note 2
The tranquility principle, general means that a system shall be of strong or weak tranquility, that are secure, but not no tranquility, that is insecure.
Note 3
A system is deemed tranquil when it complies with the tranquility principle.
Conceptual Diagram
Related Terms
Bell-LaPadula Model (BLP)
Security Classification
Security Clearance
Quotes
Bibliography
https://open-measure.atlassian.net/wiki/spaces/BIB/pages/1004929285
https://open-measure.atlassian.net/wiki/spaces/BIB/pages/998244597
https://open-measure.atlassian.net/wiki/spaces/BIB/pages/1226571865
https://open-measure.atlassian.net/wiki/spaces/BIB/pages/1237418084
https://open-measure.atlassian.net/wiki/spaces/BIB/pages/1122533630
https://open-measure.atlassian.net/wiki/spaces/BIB/pages/1079050341
https://open-measure.atlassian.net/wiki/spaces/BIB/pages/86441993
https://open-measure.atlassian.net/wiki/spaces/BIB/pages/1091436547
See Also
Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.