Security Models

McLean, John; Schell, Roger R.; Brinkley, Donald L.

doi:10.1002/0471028959.sof297

Cited by 35 publications

(49 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A consensus has been reached by considering a policy a set of rules and conditions that state which actions are permitted and which actions are prohibited, whereas a model as a formal description of a security policy: it precisely and unambiguously conveys those aspects of the security policy that are enforced by the system [McL94].…”

Section: Security Policies and Modelsmentioning

confidence: 99%

A model checking-based approach for security policy verification of mobile systems

2011

View full text Add to dashboard Cite

This article describes an approach for the automated verification of mobile systems. Mobile systems are characterized by the explicit notion of location (e.g., sites where they run) and the ability to execute at different locations, yielding a number of security issues. To this aim, we formalize mobile systems as Labeled Kripke Structures, encapsulating the notion of location net that describes the hierarchical nesting of the threads constituting the system. Then, we formalize a generic security-policy specification language that includes rules for expressing and manipulating the code location. In contrast to many other approaches, our technique supports both access control and information flow specification. We developed a prototype framework for model checking of mobile systems. It works directly on the program code (in contrast to most traditional process-algebraic approaches that can model only limited details of mobile systems) and uses abstraction-refinement techniques, based also on location abstractions, to manage the program state space. We experimented with a number of mobile code benchmarks by verifying various security policies. The experimental results demonstrate the validity of the proposed mobile system modeling and policy specification formalisms and highlight the advantages of the model checking-based approach, which combines the validation of security properties with other checks, such as the validation of buffer overflows.

show abstract

Section: Security Policies and Modelsmentioning

confidence: 99%

A model checking-based approach for security policy verification of mobile systems

2011

View full text Add to dashboard Cite

show abstract

“…This approach, however, exposes the systems to denials-of-service attacks whereby low level processes can impede high level (and therefore, presumably, more important) processes to complete their activity. Covert channels are difficult to control also because of the difficulty of mapping an access control model's primitive to a computer system [64]. For this reason, covert channels analysis is usually carried out in the implementation phase, to make sure that the implementation of the model's primitive is not too weak.…”

Section: Limitations Of Mandatory Policiesmentioning

confidence: 99%

“…Beside the complexity, the limitation of such solutions is that covert channels are found out at the end of the development process, where system changes are much more expensive to correct. Interface models have been proposed which attempt to rule out covert channels analysis in the modeling phase [64,37]. Rather than specifying a particular method to enforce security, interface models specify restrictions on a system's input/output that must be obeyed to avoid covert channels.…”

Section: Limitations Of Mandatory Policiesmentioning

confidence: 99%

Access Control: Policies, Models, and Mechanisms

Samarati

Vimercati

2001

Lecture Notes in Computer Science

452

289

View full text Add to dashboard Cite

Abstract. Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. The access control decision is enforced by a mechanism implementing regulations established by a security policy. Different access control policies can be applied, corresponding to different criteria for defining what should, and what should not, be allowed, and, in some sense, to different definitions of what ensuring security means. In this chapter we investigate the basic concepts behind access control design and enforcement, and point out different security requirements that may need to be taken into consideration. We discuss several access control policies, and models formalizing them, that have been proposed in the literature or that are currently under investigation.

show abstract

“…Intuitively, to establish that information does not flow from high to low it is sufficient to establish that high behavior has no effect on what low level users can observe, i.e., the low level view of the system is independent of high behavior. Noninterference has been further developed in different settings such as programming languages [38,36,35,3], trace models [20,21], process calculi [30,28,33,8,6,14], probabilistic models [2,7], timed models [13], cryptographic protocols [1,9,4].…”

Section: Introductionmentioning

confidence: 99%

Information flow in secure contexts

Bossi

Macedonio

Piazza

et al. 2005

JCS

View full text Add to dashboard Cite

Information flow security in a multilevel system aims at guaranteeing that no high level information is revealed to low level users, even in the presence of any possible malicious process. This requirement could be stronger than necessary when some knowledge about the environment (context) in which the process is going to run is available. To relax this requirement we introduce the notion of secure contexts for a class of processes. This notion is parametric with respect to both the observation equivalence and the operation used to characterize the low level view of a process. As observation equivalence we consider the cases of weak bisimulation and trace equivalence. We describe how to build secure contexts in these cases and we show that two well-known security properties, named BNDC and NDC, are just special instances of our general notion.£ This work has been partially supported by the EU Contract IST-2001-32617 "Models and Types for Security in Mobile Distributed Systems" (MyThS) and the FIRB project RBAU018RCZ "Interpretazione astratta e model checking per la verifica di sistemi embedded".

show abstract

Security Models

Cited by 35 publications

References 31 publications

A model checking-based approach for security policy verification of mobile systems

A model checking-based approach for security policy verification of mobile systems

Access Control: Policies, Models, and Mechanisms

Information flow in secure contexts

Contact Info

Product

Resources

About