Information flow property preserving transformation of UML interaction diagrams

Seehusen, Fredrik; Stølen, Ketil

doi:10.1145/1133058.1133080

Cited by 10 publications

(9 citation statements)

References 29 publications

(42 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Roscoe [Ros95] defines Low-determinism, a very strong notion of security, which is always preserved under refinement, but at the cost of a significantly restricted range of applicability. Some recent works have also sought to overcome the refinement paradox by drawing a distinction between specification-level non-determinism and non-determinism that is inherent in a system, with the latter preserved under refinement [SS06,Jür05,Bib06].…”

Section: Related Workmentioning

confidence: 99%

Architectural refinement and notions of intransitive noninterference

Meyden

2012

Form. Asp. Comput.

View full text Add to dashboard Cite

This paper deals with architectural designs that specify components of a system and the permitted flows of information between them. In the process of systems development, one might refine such a design by viewing a component as being composed of subcomponents, and specifying permitted flows of information between these subcomponents and others in the design. The paper studies the soundness of such refinements with respect to a spectrum of different semantics for information flow policies , including Goguen and Meseguer's purge-based definition, Haigh and Young's intransitive purge-based definition, and some more recent notions TA-security, TO-security and ITO-security defined by van der Meyden. It is shown that all these definitions support the soundness of architectural refinement, for both a state-and an action-observed model of systems. A notion of systems refinement in which the information content of observations is reduced is also studied. It is also shown that refinement preserves weak access control structure, an implementation mechanism that ensures TA-security.

show abstract

Section: Related Workmentioning

confidence: 99%

Architectural refinement and notions of intransitive noninterference

Meyden

2012

Form. Asp. Comput.

View full text Add to dashboard Cite

show abstract

“…Roscoe [Ros95] defines Lowdeterminism, a very strong notion of security, which is always preserved under refinement, but at the cost of a significantly restricted range of applicability. Some recent works have also sought to overcome the refinement paradox by drawing a distinction between specification-level non-determinism and non-determinism that is inherent in a system, with the latter preserved under refinement [SS06,Jür05,Bib06].…”

Section: Related Workmentioning

confidence: 99%

“…Others have identified sufficient conditions for behavioral refinement to preserve information flow properties [GCS91, O'H92, BFPR03,Ros95]. Some recent works have also sought to overcome the refinement paradox by drawing a distinction between specificationlevel non-determinism and non-determinism that is inherent in a system, with the latter preserved under refinement [SS06,Jür05,Bib06].…”

Section: Related Workmentioning

confidence: 99%

Architectural Refinement and Notions of Intransitive Noninterference

Meyden

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

This paper deals with architectural designs that specify components of a system and the permitted flows of information between them. In the process of systems development, one might refine such a design by viewing a component as being composed of subcomponents, and specifying permitted flows of information between these subcomponents and others in the design. The paper studies the soundness of such refinements with respect to a spectrum of different semantics for information flow policies, including Goguen and Meseguer's purge-based definition, Haigh and Young's intransitive purge-based definition, and some more recent notions TA-security, TO-security and ITO-security defined by van der Meyden. It is shown that all these definitions support the soundness of architectural refinement, for both a state-and an action-observed model of systems. A notion of systems refinement in which the information content of observations is reduced is also studied. It is also shown that refinement preserves weak access control structure, an implementation mechanism that ensures TA-security.

show abstract

“…Unpredictability in the form of non-determinism is known to be problematic in relation to specifications because non-determinism is also often used to represent underspecification and when underspecification is refined away during system development we may easily also reduce the required unpredictability and thereby reduce security. For this reason, STAIRS (as explained carefully by Seehusen and Stølen [21]) distinguishes between mandatory and potential choice. Mandatory choice is used to capture unpredictability while potential choice captures underspecification.…”

Section: Generalising the Semantics To Support Unpredictabilitymentioning

confidence: 99%

A Semantic Paradigm for Component-Based Specification Integrating a Notion of Security Risk

Brændeland

Stølen

2007

Formal Aspects in Security and Trust

Self Cite

View full text Add to dashboard Cite

Abstract. We propose a semantic paradigm for component-based specification supporting the documentation of security risk behaviour. By security risk, we mean behaviour that constitutes a risk with regard to ICT security aspects, such as confidentiality, integrity and availability. The purpose of this work is to investigate the nature of security risk in the setting of component-based system development. A better understanding of security risk at the level of components facilitates the prediction of risks related to introducing a new component into a system. The semantic paradigm provides a first step towards integrating security risk analysis into the system development process.

show abstract

Information flow property preserving transformation of UML interaction diagrams

Cited by 10 publications

References 29 publications

Architectural refinement and notions of intransitive noninterference

Architectural refinement and notions of intransitive noninterference

Architectural Refinement and Notions of Intransitive Noninterference

A Semantic Paradigm for Component-Based Specification Integrating a Notion of Security Risk

Contact Info

Product

Resources

About