The development and proof of a formal specification for a multilevel secure system
1987
ACM Transactions on Computer Systems
Not only does the formality promote precision, but it enables the proof of any formal specifications, and perhaps of any implementation, for the system. ...
This paper describes current work on the design and specification of a multilevel secure distributed system called SNet. ...
ACKNOWLEDGMENTS The authors are extremely indebted to the three anonymous referees who provided complete and insightful comments on the first version of this paper. ...
doi:10.1145/13677.22724
fatcat:cq7n4yzdcbebrmqboidvyfofxm
Proving multilevel security of a system design
1977
Proceedings of the sixth symposium on Operating systems principles - SOSP '77
The less general model relates well to design specifications and permits straightforward proof of the security of a system design. The correspondence between the two models is easily demonstrated. ...
The two models when applied appropriately are more useful for defining and proving the multilevel security of systems than existing models. ...
ACKNOWLEDGMENTS Peter Neumann, the leader at SRI of the project under which the SOM was developed, provided the authors with many critical comments. ...
doi:10.1145/800214.806547
dblp:conf/sosp/FeiertagLR77
fatcat:oi4qwkdmtrcq3o22j2fbqt3w5y
Reflections on the verification of the security of an operating system kernel
1983
Proceedings of the ninth ACM symposium on Operating systems principles - SOSP '83
First, it is for a complete implementation of a commercially available secure computer system. ...
This paper discusses the formal verification of the design of an operating system kernel's conformance to the multilevel security property. ...
This paper discusses an experience in the use of formal methods for the development of an operating system security kernel. ...
doi:10.1145/800217.806623
dblp:conf/sosp/Silverman83
fatcat:vdjp2feqdfanrfy4syvuprbl7i
Reflections on the verification of the security of an operating system kernel
1983
ACM SIGOPS Operating Systems Review
First, it is for a complete implementation of a commercially available secure computer system. ...
This paper discusses the formal verification of the design of an operating system kernel's conformance to the multilevel security property. ...
This paper discusses an experience in the use of formal methods for the development of an operating system security kernel. ...
doi:10.1145/773379.806623
fatcat:ztlv4o26rvdenfp7fkhmuwyxxu
Guest Editors' Note
1987
IEEE Transactions on Software Engineering
Our work was simplified by the following people who, as members of the Program Committee of the 1986 IEEE Symposium on Security and Privacy, reviewed most of the papers included here. ...
In the security models area, the paper by Denning et al. presents a model of multilevel security for relational database systems. ...
of operating systems and hardware protection mechanisms as bases for the development of secure computer systems. ...
doi:10.1109/tse.1987.232888
fatcat:yabfbkhcurd6ngbh2fqxtwjfh4
Comparison Paper between the Bell and LaPadula Model
1984
1984 IEEE Symposium on Security and Privacy
This paper provides a brief explanation of the two most cited models in the field of computer security and points out the basic differences between them. ...
There is a common misconception in the field that the MLS tool for HDM is designed to be an implementation of the Bell and LaPadula model. ...
Establishing multilevel security for a specific specification in SPECIAL involves writing a set of specifications that completely specify the external interface of the system. ...
doi:10.1109/sp.1984.10021
dblp:conf/sp/Taylor84
fatcat:urnktgxa4jbvtg27iyjy5mxogi
Lessons Learned from Building a High-Assurance Crypto Gateway
2011
IEEE Security and Privacy
Most modern large-scale systems employ a complex organization of distributed components, ...
Acknowledgments Steven Greenwald and Cynthia Irvine helped considerably in reviewing a preliminary version of this document. Brant Hashii built much of eSS. ...
doi:10.1109/msp.2010.201
fatcat:k5zvshjmbndstgqtjt43ohdxzy
Mathematics, technology, and trust: formal verification, computer security, and the U.S. military
1997
IEEE Annals of the History of Computing
A distinctive concern in the U.S. military for computer security dates from the emergence of time-sharing systems in the 1960s. ...
The paper examines the connections between computer security and formal, deductive verification of the properties of computer systems. ...
Science and Engineering Research Council/Safety Critical Systems Research Programme (GR/J58619). Additional support was provided by the U.S. Navy through the Naval Research Laboratory and by the U.S. ...
doi:10.1109/85.601735
fatcat:zba5ya33yvg5rcqquxhovwfycm
Secure Database Development
[chapter]
2014
Encyclopedia of Database Systems
For the database community the words secure database design may refer to the schema design to produce a database for a specific application with some level of security properties. ...
There is a large amount of literature on this latter subject and a related section in this encyclopedia (Database security). ...
Applications including secure databases Since this approach is tailored to the application, one can add the required level of security using formal proofs when necessary. ...
doi:10.1007/978-1-4899-7993-3_329-2
fatcat:ybhrxoe46rebxakmfby4xdwwcq
Secure Interoperation of Secure Distributed Databases
[chapter]
1999
Lecture Notes in Computer Science
Are the transformation verification techniques that we have developed sufficient for verifying a collection of transformations adequate for implementing complex secure architecture? ...
This paper describes the process of implementing an architecture for secure distributed transaction processing, the process of verifying that it has the desired security properties, and the implementation ...
Specifically, we added the constraint that the system must satisfy a multilevel secure access control policy. ...
doi:10.1007/3-540-48119-2_39
fatcat:3cjierxlwfhonorjgsmx652h6q
On the Verification of Intransitive Noninterference in Multilevel Security
2005
IEEE Transactions on Systems Man and Cybernetics Part B (Cybernetics)
In this paper, we generalize the results for systems with any finite number of security levels by developing a direct method for checking -observability, based on an insightful observation that the function ...
INI can be used to characterize and solve several important security problems in multilevel security systems. ...
Intransitive Noninterference in Multilevel Systems To formally define INI, let us consider a set of security domains, a set of events partitioned over these domains, described by the mapping , and an ...
doi:10.1109/tsmcb.2005.847749
pmid:16240770
fatcat:lo7nke3qzrg33blorte43bql6a
Twelfth National Computer Security Conference - Baltimore, MD - October 10-13, 1989
1990
Journal of Research of the National Institute of Standards and Technology
for the Honeywell LOCK project; the formal specification of security aspects of a messaging system architecture; a Secure Distributed Operating System (SDOS) prototype; a high B level security architecture ...
Penelope is a prototype Ada verification editor whose user interactively and concurrently develops specifications of programs, their Ada text, and proofs of their verification conditions. ...
doi:10.6028/jres.095.023
pmid:28179774
pmcid:PMC4930047
fatcat:2nvckbuabrg2phfmx6s7lh6ezu
The SeaView security model
1990
IEEE Transactions on Software Engineering
This paper describes a formal security model for such a system. ...
A multilevel database is intended to provide the security needed for database systems that contain data at a variety of classifications and serve a set of users having different clearances. ...
This paper presents a formal security policy model for a secure multilevel relational database system. ...
doi:10.1109/32.55088
fatcat:k26mscrplzetvofp7egqpubtse
An entropy conservation law for testing the completeness of covert channel analysis
1994
Proceedings of the 2nd ACM Conference on Computer and communications security - CCS '94
Covert channel analysis typically involves study of individual covert channels in isolation, and determining the thoroughness of such case-by-case analysis can be difficult. ...
To help address this problem, this paper formally defines the notion of a "complete" set of covert channels. ...
Designing Systems to Simplify Channel Analysis In as much as one might design a system to be reliable, maintainable, testable, or to support formal proof, one might also design a system with the specific ...
doi:10.1145/191177.191244
dblp:conf/ccs/Browne94
fatcat:3r62gqusljcddp7yaargutwblu
From a Proven Correct Microkernel to Trustworthy Large Systems
[chapter]
2011
Lecture Notes in Computer Science
The next big step in the challenge of building truly trustworthy systems is to provide a framework for developing secure systems on top of seL4. ...
The seL4 microkernel was the world's first general-purpose operating system kernel with a formal, machine-checked proof of correctness. ...
Acknowledgments The proof of the SAC mentioned above was conducted almost entirely by David Greenaway with minor contributions from Xin Gao, Gerwin ...
doi:10.1007/978-3-642-18070-5_1
fatcat:yeoqx3v4tnf5pakxffeucoslfe