A nonfunctional approach to system integrity

IEEE Journal on Selected Areas in Communications

Volumn 21, Issue 1, 2003, Pages 36-43

  Foley, Simon N ^a  

^a UNIVERSITY COLLEGE CORK   (Ireland)

Author keywords

Computer security; Cryptography; Data security; Fault tolerance; Modeling; Protection; Protocols; Reliability; Software verification and validation; System analysis and design

Indexed keywords

COMPUTER SOFTWARE SELECTION AND EVALUATION; CRYPTOGRAPHY; FAULT TOLERANT COMPUTER SYSTEMS; MATHEMATICAL MODELS; NETWORK PROTOCOLS; RELIABILITY; SYSTEMS ANALYSIS;

AUTHORIZATION TECHNIQUE; COMMUNICATING SEQUENTIAL PROCESSES; SOFTWARE VALIDATION; SOFTWARE VERIFICATION;

SECURITY OF DATA;

EID: 0037247408     PISSN: 07338716     EISSN: None     Source Type: Journal    
DOI: 10.1109/JSAC.2002.806124     Document Type: Article

References (33)

1. E. Bertino et al., "An authorization model and its formal semantics," in Proc. Eur. Symp. Research Computer Security, 1998, pp. 127-142.
2. K. J. Biba, "Integrity considerations for secure computer systems," MITRE Corporation, Bedford, MA, MTR-3153 Rev. 1 (ESD-TR-76-372), 1976.
3. W. E. Bobert and R. Y. Kain, "A practical alternative to hierarchical integrity properties," in Proc. Nat. Computer Security Conf., 1985, pp. 18-27.
4. D. D. Clark and D. R. Wilson, "A comparison of commercial and military computer security models," in Proc. Symp. Security and Privacy, Apr. 1987, pp. 184-194.
5. D. Dolev and A. C. Yao, "On the security of public key protocols," IEEE Trans. Inform. Theory, vol. IT-29, pp. 198-208, 1983.
6. R. Focardi and R. Gorrieri, "A classification of security properties for process algebras," J. Comput. Security, vol. 3, pp. 5-33, 1995.
7. S. N. Foley, "A universal theory of information flow," in Proc. IEEE Symp. Security Privacy, 1987, pp. 116-121.
8. ____, "The specification and implementation of commercial security requirements including dynamic segregation of duties," in ACM Conf. Computer Communications Security, 1997, pp. 125-134.
9. ____, "Evaluating system integrity," in ACM New Security Paradigms Workshop, 1998.
10. J. A. Goguen and J. Meseguer, "Unwinding and inference control," in Proc. IEEE Symp. Security and Privacy, 1984, pp. 75-86.
11. P. Greve, J. Hoffman, and R. E. Smith, "Using type enforcement to assure a configurable guard," in Proc. 13th Ann. Computer Security Applications Conf., 1997, pp. 146-153.
12. J. L. Jacob, "The basic integrity theorem," in Proc. Computer Security Foundations Workshop IV, June 1991, pp. 89-97.
13. ____, "The varieties of refinement," in Proc. 4th Refinement Workshop, J. M. Morris and R. C. Shaw, Eds., 1991, pp. 441-455.
14. ____, "Basic theorems about security," J. Comput. Security, vol. 1, no. 4, pp. 385-411, 1992.
15. S. Jajodia et al., "A logical language for expressing authorizations," in Proc. Symp. Security Privacy, 1997, pp. 31-42.
16. J. Laprie et al., Ed., Dependability: Basic Concepts and Terminology. New York: Springer Verlag, 1992.
17. J. McLean, "A general theory of composition for trace sets closed under selective interleaving functions," in Proc. IEEE Symp. Research Security and Privacy, 1994, pp. 79-93.
18. R. Needham, "Later developments at Cambridge: Titan, CAP and the Cambridge ring," Ann. History Comput., vol. 14, pp. 57-58, 1992.
19. L. C. Paulson, "The inductive approach to verifying cryptographic protocols," J. Comput. Security, vol. 6, pp. 85-128, 1998.
20. A. W. Roscoe, "Using intensional specifications of security protocols," in Proc. Computer Security Foundations Workshop, 1996, pp. 28-38.
21. ____, The Theory and Practice of Concurrency. Englewood Cliffs, NJ: Prentice-Hall, 1997.
22. A. W. Roscoe, J. C. P. Woodcock, and L. Wulf, "Non-interference through determinism," J. Comput. Security, vol. 4, 1995.
23. P. Y. A. Ryan, "Mathematical models of computer security," in Foundations of Security Analysis and Design. New York: Springer-Verlag, 2000.
24. P. Y. A. Ryan and S. A. Schneider, "Process algebra and noninterference," in Proc. IEEE Computer Security Foundations Workshop, 1999, pp. 214-227.
25. R. Sandhu, "A perspective on integrity mechanisms," in Proc. Computer Security Applications Conf., 1989.
26. ____, "Role based access control models," IEEE Computer, vol. pp. 38-47, 1996.
27. A. Schaad and D. Moffett, "The incorporation of control principles into access control policies," in Workshop on Policies for Distributed Systems and Networks, Bristol, U.K., 2001.
28. F. B. Schneider, "Enforcable security policies," ACM Trans. Inform. Syst. Security, vol. 3, pp. 30-50, Feb. 2000.
29. R. Simon and M. Zurko, "Separation of duty in role based environments," in Proc. Computer Security Foundations Workshop, 1997, pp. 183-194.
30. A. C. Simpson, "Safety through security," Ph.D. dissertation, Oxford Univ., Comput. Lab., 1996.
31. D. Sutherland, "A model of information," in Proc. 9th National Computer Security Conference, 1986.
32. "Integrity-Oriented Control Objectives: Proposed Revisions to the Trusted Computer System Evaluation Criteria (TCSEC)," U. S. Dept. Defense, DOD 5200.28-STD, 1991.
33. D. Weber, "Specifications for Fault-Tolerance," Odyssey Research Associates, Ithaca, NY, 19-3, 1988.