Using composition to design secure, fault-tolerant systems

Complex systems must be analyzed in smaller pieces. The analysis must support both bottom-up development (composition) and top-down development (refinement), and it must allow several critical properties, such as functional correctness, fault tolerance, and security, to be considered as appropriate. We describe a mathematical framework for performing composition and refinement analysis and discuss some lessons learned from its application. The framework is written and verified in PVS.
