Lessons learned using Alloy to formally specify MLS-PCA trusted security architecture

FMSE'04: Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering

Volumn , Issue , 2004, Pages 86-95

  Hashii, Brant ^a  

^a NORTHROP GRUMMAN CORPORATION   (United States)

Author keywords

Alloy; Formal specification; High assurance; Multilevel Security (MLS); Network security

Indexed keywords

ALLOYS; COMPUTER OPERATING SYSTEMS; COMPUTER SOFTWARE; MULTIPROCESSING SYSTEMS; PROJECT MANAGEMENT; SECURITY OF DATA; SPECIFICATIONS;

FORMAL SPECIFICATION; HIGH ASSURANCE; MULTILEVEL SECURITY (MLS); NETWORK SECURITY;

COMPUTER ARCHITECTURE;

EID: 20444475069     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1029133.1029145     Document Type: Conference Paper

References (35)

1. Common Criteria for Information Technology Security Evaluation, Version 2.1, August 1999. Available at http://www.radium.ncsc.mil/tpep/library/ccitse/ ccitse.html.
2. Earl Barr, Raju Pandey, and Michael Haungs. MAGE: A distributed programming model. In Proceedings of the 21st International Conference on Distributed Computing Systems (ICDCS '01), pages 303-312, Mesa, AZ, April 2001.
3. David E. Bell and Leonard J. La Padula. Secure computer system: Unified exposition and Multics interpretation. Technical Report ESD-TR-75-306, ESD/AFSC, Hanscom AFB, Bedford, MA, 1975. Available at http://csrc.nist.gov/publications/ history/.
4. Viktors Berstis. Fundamentals of grid computing, 2002. Available at http://publib-b.boulder.ibm.com/Redbooks.nsf/RedbookAbstracts/redp3613.%html? Open.
5. Whitfield Dime and Martin E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644-654, November 1976.
6. Whitfield Diffie, Paul C. van Oorschot, and Michael J. Wiener. Authentication and authenticated key exchanges. Designs, Codes and Cryptography, 2(2):107-125, 1992.
7. J. A. Goguen and J. Meseguer. Security policies and security models. In Proceedings of the IEEE Symposium on Security and Privacy, pages 11-20, Oakland, CA, April 1982.
8. David Greve, Matthew Wilding, and W. Mark Vanfleet. A separation kernel formal security policy. In Fourth International Workshop on the ACL2 Prover and Its Applications (ACL2-2003), Boulder, CO, July 2003. Available at http://hokiepokie.org/docs/.
9. Daniel Jackson. Micromodels of Software: Modelling & Analysis with Alloy. MIT Lab for Computer Science, November 2001. Available at http://sdg.lcs.mit.edu/alloy/book.pdf.
10. Daniel Jackson, Ilya Shlyakhter, and Manu Sridharan. A micromodularity mechanism. In Proceedings of the ACM SIGSOFT Conference on the Foundations of Software Engineering / European Software Engineering Conference, pages 62-73, Vienna, Austria, September 2001.
11. Daniel Jackson and Jeannette M. Wing. Lightweight formal methods. IEEE Computer, pages 21-22, April 1996.
12. Martha L. Kahn and Cynthia Della Torre Cicalese. The CoABS Grid, January 2002. Presented at Goddard / JPL Workshop on Radical Agent Concepts, Tysons Corner, CA. Available at http://coabs.globalinfotek.com/public/downloads/Grid/ documents/010904Ka%hnCicaleseNASA.pdf.
13. Paul A. Karger. New methods for immediate revocation. In 1989 IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 1989. IEEE Computer Society. Available at http://www.multicians.org/biblio.html.
14. Lockheed Sanders, Inc., Hughes Aircraft, Motorola, and ISX Corporation. RASSP architecture guide rev. b, January 1995. Available at http://www.eda.org/ rassp/documents/sanders/arch_guide_b.pdf.
15. National Computer Security Center. Final evaluation report, Gemini Computers, Incorporated, Gemini Trusted Network Processor, version 1.01, June 1995. Available at http://www.geminisecure.com/resource.htm.
16. National Institute of Standards and Technology. Special publication 800-57 recommendation for key management part 1: General guideline, January 2003. Draft, Available at http://csrc.nist.gov/CryptoToolkit/tkkeymgmt.html.
17. National Security Agency. GTNP version 1.01, network component M only, EPL entry CSC-EPL-94/008, September 1994. Available at http://www.radium.ncsc. mil/tpep/epl/entries/CSC-EPL-94-008.html.
18. National Security Agency. MLS LAN version 2.1, network component MDIA, EPL entry CSC-EPL-94/006, September 1994. Available at http://www.radium.ncsc. mil/tpep/epl/entries/CSC-EPL-94-006.html.
19. RTCA. RTCA/DO-178B: Software considerations in airborne systems and equipment certification, 1992. Committee SC-167/Eurocae WG-12.
20. J. M. Rushby. Design and verification of secure systems. In Proceedings of the Eighth ACM Symposium on Operating Systems Principles, volume 15, pages 12 - 21, Pacific Grove, CA, USA, December 1981. ACM Press. Available at http://www.csl.sri.com/papers/sosp81/.
21. John Rushby. Noninterference, transitivity, and channel-control security policies. Technical Report CSL-92-02, Computer Science Laboratory, SRI International, Menlo Park, CA, December 1992. Available at http://www.csl.sri. com/papers/csl-92-2/.
22. John Rushby. Formal methods and their role in the certification of critical systems. Technical Report SRI-CSL-95-1, Computer Science Laboratory, SRI International, Menlo Park, CA, March 1995.
23. Also available as NASA Contractor Report 4673, August 1995, and to be issued as part of the FAA Digital Systems Validation Handbook http://www.csl.sri.com/papers/csl-95-1/.
24. John Rushby and Brian Randell. A distributed secure system. IEEE Computer, 16(7):55-67, July 1983. Available at http://www.csl.sri.com/users/ rushby/abstracts/computer83.
25. Ravi S. Sandhu. Lattice-based access control models. IEEE Computer, 26(11):9-19, 1993. Available at http://citeseer.nj.nee.com/article/ sandhu93latticebased.html.
26. Gerhard Schellhorn, Wolfgang Reif, Axel Schairer, Paul A. Karger, Vernon Austel, and David Toll. Verification of a formal security model for multiapplicative smart cards. In 6th European Symposium on Research in Computer Security (ESORICS), volume 1895 of Lecture Notes in Computer Science, pages 17-36, Toulouse, France, October 2000. Springer. Available at http://citeseer.nj.nec.com/schellhorn00verification.html.
27. Richard E. Smith. Cost profile of a highly assured, secure operating system. ACM Transactions on Information and System Security, 4(1):72-101, February 2001.
28. John A. Tirpak. The F-22 on the line. Air Force Magazine, 85(09), 2002. Available at http://www.afa.org/magazine/Sept2002/0902raptor.html.
29. Trusted Computing Platform Alliance. Trusted Computing Platform Alliance (TCPA) Main Specification Version 1.1b, February 2002. Available at http://www.trustedcomputing.org/tcpaasp4/index.asp.
30. K. H. Tsoi, K. H. Leung, and P. H. W. Leong. Compact FPGA-based true and pseudo random number generators. In Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM), California, USA, 2003. Available at http://www.cse.cuhk.edu.hk/~phwl/publications.html.
31. United States Joint Chiefs of Staff. Joint vision 2020, May 2000. Available at http://www.dtic.mil/jointvision/jvpub2.htm.
32. U.S. Department of Defense. DoD trusted computer system evaluation criteria, December 1985. Available at http://www.radium.ncsc.mil/tpep/library/ rainbow/index.html.
33. Ben L. Di Vito. A model of cooperative noninterference for integrated modular avionics. In Proceedings of Dependable Computing for Critical Applications (DCCA-7), San Jose, CA, January 1999. Available to http://shemesh.larc.nasa.gov/people/bld/.
34. Clark Weissman. BLACKER : Security for the DDN, examples of Al security engineering trades. In Proceedings of the IEEE Symposium on Security and Privacy, pages 286-292, 1992.
35. Clark Weissman. MLS-PCA: A high assurance security architecture for future avionics. In Proceedings of the 19th Annual Computer Security Applications Conference, pages 2-13, Las Vegas, Nevada, USA, December 2003. IEEE Press.