Abstract: IP-secure is proposed for intransitive policies. But the definitions of IP-secure for intransitive policies in these works suffer from some subtle flaws, such as the orders of the actions, and an altered definition called TA-secure is proposed. This paper analyzes IP-secure and TA-secure and tries to find the difference between them. It finds the conditions to exchange the order of two actions in a sequence, where the results are equal after executing function ipurge. It also finds the conditions to exchange the order of two actions in a sequence, where the results are equal after executing function ta. Then, it compares the conditions to find the difference. The exact condition when function ta can purge the orders of the actions which shouldn’t be known by the security domain is found. Based on the difference, it gives the requirement to make a system satisfy TA-secure when it is IP-secure.

Key words: noninterference, information security model, IP-secure, TA-secure

摘要： IP安全适用于非传递策略的无干扰模型。但是，满足IP安全的系统中仍然存在类似于动作先后顺序这样的信息，因此，提出了新的无干扰模型TA安全。对非传递无干扰下IP安全和TA安全进行比较分析，给出函数[ipurge]与函数[ta]的差别条件，函数[ta]隐藏了动作序列中部分动作的先后顺序，这些动作的先后顺序对于安全域是一种额外的信息。然后，使用该差别条件，提出当系统满足IP安全时，使系统满足TA安全所需要的条件并进行形式化推导。

关键词: 无干扰, 信息流安全模型, IP安全, TA安全