Formal Models for Computer Security

Landwehr, Carl E.

doi:10.1145/356850.356852

Cited by 357 publications

(131 citation statements)

References 24 publications

Supporting

Mentioning

122

Contrasting

Unclassified

Order By: Relevance

“…Nevertheless, there has been considerable discussion by researchers on formalizing software security models dating back to the 1980s [31]. In the past decade, especially with the advent of model checking technology [10], there have been advances in verifying security protocols [33,11] and proving security properties of applications [6,5,4].…”

Section: Formal Security Architecturesmentioning

confidence: 99%

Software analysis for security

Mancoridis

2008

2008 Frontiers of Software Maintenance

View full text Add to dashboard Cite

show abstract

Section: Formal Security Architecturesmentioning

confidence: 99%

Software analysis for security

Mancoridis

2008

2008 Frontiers of Software Maintenance

View full text Add to dashboard Cite

show abstract

“…In the case of a politician, such infomation would be publicly available. The basic principle underlying MLS query answering is called simple security property and was de ned in the Bell-LaPadula model of mandatory security, see [Lan81]. It can also be described by the slogan \no read up", i.e.…”

Section: Mls Databasesmentioning

confidence: 99%

Multi-level security in multiagent systems

Wagner

1997

Cooperative Information Agents

View full text Add to dashboard Cite

show abstract

“…The Session system is 3 Note: in Z the application of function to argument can be written either as or as . The former is preferred; the latter can be used to improve clarity in complicated expressions.…”

Section: Sessionsmentioning

confidence: 99%

Formal specification of an access control system

Stepney¹,

Lord²

1987

Softw Pract Exp

View full text Add to dashboard Cite

SUMMARYComputing facilities networked together but controlled by different administrations pose a problem of access control. Who decides who can use what?We specify a formal model for an access control system which allows users and services from different administrations to communicate with each other, while still allowing the administrators to retain control of their own parts of the network. The model, written in the Z specification language, has been developed as the access control system for ADMIRAL, though it is not specific to ADMIRAL. It provides a framework for administrators to build access control systems to meet their differing requirements.A system based on the model would allow users to log in to a distributed computing system and to make requests for services in any part of the system, without having to provide any more information about themselves. After this initial log in all subsequent access control decisions are handled automatically, and remain invisible to the user unless access is refused.We also discuss the experience we have had animating this model in Prolog.KEY WORDS Networks Access control Formal model Z specification Prolog Objectives of the ModelIn a conventionally organized network, very little attention is paid to access control on a network-wide basis. Usually individual machines provide their own facilities. This can lead to frustration both for users and for administrators; users are continually faced with log-in prompts, and administrators have to control a multitude of tables on different machines. Most access control schemes designed for networks are based around a centralized service, or are controlled by a single administration. These fail to address the problems associated with access control in a multi-administration network. In such a network, several autonomous access control system (ACSs) have to interact.The model described here has been developed as the access control system for project ADMIRAL. ADMIRAL is a collaborative project supported by the Alvey programme, carrying out research into the use and management of high performance networks. An internet of linked networks, covering five industrial and academic sites, is being set up. The project is described in Reference 1.Our model is not specific to ADMIRAL, however. A system based on our model will have the following properties:1. Autonomous administrations can work with each other, but still retain control over their own facilities. 2. Users' access to services can be controlled, even when the user and the service fall under different administrations. This control is invisible to users, unless they try to access services not available to them.

show abstract

Formal Models for Computer Security

Cited by 357 publications

References 24 publications

Software analysis for security

Software analysis for security

Multi-level security in multiagent systems

Formal specification of an access control system

Contact Info

Product

Resources

About