DocumentCode
2508947
Title
A theory for system security
Author
Zhang, Kan
Author_Institution
Comput. Lab., Cambridge Univ., UK
fYear
1997
fDate
10-12 Jun 1997
Firstpage
148
Lastpage
155
Abstract
Two independent definitions of system security are given through two distinct aspects of a system execution, i.e. state and transform. These two definitions are proven to be equivalent, which gives both confidence to the soundness of our explanation and insight into the internal causality of information flow. Using this definition of information flow security, a general security model for nondeterministic computer systems is presented. On the one hand, our model is based on information flow, which allows it to explain security semantically in terms of other information flow models. On the other hand, our model imposes concrete constraints on the internal system processes, which facilitates implementation and verification in the fashion of access security models. Our model is also more general than previous state-based information flow models, e.g. allowing for concurrency among system processes, which is more suitable for distributed systems.
Keywords
distributed processing; multiprocessing systems; security of data; access security models; concurrency; distributed systems; information flow; internal causality; internal system process constraints; nondeterministic computer systems; soundness; system execution; system security; system states; system transforms; Access control; Computer security; Concrete; Constraint theory; Information security; Laboratories; Mechanical factors;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Security Foundations Workshop, 1997. Proceedings., 10th
Conference_Location
Rockport, MA
ISSN
1063-6900
Print_ISBN
0-8186-7990-5
Type
conf
DOI
10.1109/CSFW.1997.596805
Filename
596805