On the derivation of secure components

7 January 2003

conference paper
Published by Institute of Electrical and Electronics Engineers (IEEE)

p. 242-247
https://doi.org/10.1109/secpri.1989.36298

Abstract

The author discusses the problems in deriving a system from its specification when that specification includes simple trace-based information-flow security properties as well as safety properties. He presents two fundamental theorems of information-flow security which describe the inherent difficulties of deriving secure implementations and considers the implications of these results. It is concluded that it is dangerous to extrapolate from success in the case of two to the case of many. Results proved about systems with just low- and high-access users may not extend easily to full lattices.

Keywords

This publication has 10 references indexed in Scilit:

Security specifications
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2003
Noninterference and the composability of security properties
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2003
A secure distributed operating system
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2003
A Trace Specification of the MMS Security Model
Published by Defense Technical Information Center (DTIC) ,1988
Transaction processing primitives and CSP
IBM Journal of Research and Development, 1987
Specifications for Multi-Level Security and a Hook-Up
Published by Institute of Electrical and Electronics Engineers (IEEE) ,1987
The Weakest Prespecification, Part I
Fundamenta Informaticae, 1986
Unwinding and Inference Control
Published by Institute of Electrical and Electronics Engineers (IEEE) ,1984
Security Policies and Security Models
Published by Institute of Electrical and Electronics Engineers (IEEE) ,1982
The Science of Programming
Published by Springer Nature ,1981