Title :
Towards a theory of penetration-resistant systems and its applications
Author :
Gupta, Sarbari ; Gligor, Virgil D.
Author_Institution :
Dept. of Electr. Eng., Maryland Univ., College Park, MD, USA
Abstract :
A theoretical foundation for penetration analysis of computer systems is presented, which is based on a set of formalized design properties that characterize resistance to penetration. By separating the policy-enforcement mechanisms of a system from the mechanisms necessary to protect the system itself, and by using a unified framework for representing a large set of penetration scenarios, the authors develop an extensible model for penetration analysis. Furthermore, they illustrate how the model is used to implement automated tools for penetration analysis. The theory, model, and tools only address system-penetration patterns caused by unprivileged users´ code interactions with a system
Keywords :
data integrity; security of data; automated tools; computer systems; formalized design properties; penetration analysis; penetration-resistant systems; policy-enforcement mechanisms; security properties; sysetms integrity; Application software; Automatic testing; Computer security; Educational institutions; Electric resistance; Information analysis; Kernel; Privacy; Protection; System testing;
Conference_Titel :
Computer Security Foundations Workshop IV, 1991. Proceedings
Conference_Location :
Franconia, NH
Print_ISBN :
0-8186-2215-6
DOI :
10.1109/CSFW.1991.151571
