Title :
Formal specification of information flow security policies and their enforcement in security critical systems
Author :
Peri, Ramesh V. ; Wulf, William A.
Author_Institution :
Dept. of Comput. Sci., Virginia Univ., Charlottesville, VA, USA
Abstract :
We propose the view that formal specification of a security critical system can be realized by placing suitable restrictions on the otherwise unrestricted functional behavior of its entities. We propose a framework based on traces for developing the specification of such a system. We come up with the characterization of a specification that maximizes functionality of the system with respect to the security policy that it is required to satisfy. The utility of the concepts developed in this paper is illustrated by considering the implementation of MLS policy expressed as restrictions on the information flow relations using the access control mechanisms provided by the take-grant model.
Keywords :
authorisation; formal specification; security of data; access control mechanisms; formal specification; functional behavior; information flow security policies; security critical systems; Access control; Communication system security; Computer science; Computer security; Formal specifications; Information security; Information systems; Modems; Multilevel systems; Safety;
Conference_Title :
Computer Security Foundations Workshop VII, 1994. CSFW 7. Proceedings
Conference_Location :
Franconia, NH
Print_ISBN :
0-8186-6230-1
DOI :
10.1109/CSFW.1994.315942