Stating security requirements with tolerable sets

This paper introduces and develops the concept of tolerable sets for analyzing general security requirements. Tolerable sets, and corresponding purging functions and invisibility based on the sets, are used to state and test such requirements. The approach used in this paper resulted from our attempt to apply the noninterference ideas of Goguen and Meseguer to the problem of stating special security requirements in the case of so-called trusted subjects. It turns out that the conditional purging function defined by Goguen and Meseguer is only one example, though an important one, of a conditional purging function. This paper provides a definition and characterization of a general class of purging functions similar to the purging function of Goguen and Meseguer. Furthermore, it relates purging and invisibility to security requirements. Some particular applications are described toward the end of the paper. At the end there are some critical remarks about purging functions.
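The abstract takes the Goguen-Meseguer purging function as its point of departure. The following is an added example, not code from the paper: it implements that classical purge (delete every command issued by a user in a given group) and the noninterference test built on it, and runs the test over a small constructed two-level state machine under two access policies. The paper's own tolerable sets and general purging functions are not defined on this page and are not modelled; the variable names, the `strict_policy`/`leaky_policy` functions and the toy command set are all assumptions made for illustration.

```python
"""Added example (not from the paper): Goguen-Meseguer purge and the
noninterference check that uses it, over a constructed toy system."""
from itertools import product

# Constructed toy system: one low user, one high user, one variable per level.
USERS = {"low": 0, "high": 1}        # clearance: 0 = low, 1 = high
LABEL = {"lo_var": 0, "hi_var": 1}   # classification of each variable

# Commands are (user, action); actions are ("write", var, value) or ("read", var).
ACTIONS = [("write", "lo_var", 1), ("write", "hi_var", 1),
           ("read", "lo_var"), ("read", "hi_var")]
COMMANDS = [(u, a) for u in USERS for a in ACTIONS]


def strict_policy(user, op, var):
    """No-read-up and no-write-down (assumed mandatory policy)."""
    if op == "read":
        return LABEL[var] <= USERS[user]
    return LABEL[var] >= USERS[user]


def leaky_policy(user, op, var):
    """Every user may read and write everything (assumed, deliberately weak)."""
    return True


def step(state, cmd, allowed):
    """Apply one command; return (new_state, output to the issuing user)."""
    user, action = cmd
    op, var = action[0], action[1]
    state = dict(state)
    if not allowed(user, op, var):
        return state, "denied"
    if op == "write":
        state[var] = action[2]
        return state, None          # writes produce no output
    return state, state[var]        # reads return the variable's value


def run(trace, allowed):
    """Execute a trace from the initial state; return (user, output) pairs."""
    state = {"lo_var": 0, "hi_var": 0}
    outs = []
    for cmd in trace:
        state, out = step(state, cmd, allowed)
        if out is not None:
            outs.append((cmd[0], out))
    return outs


def purge(trace, group):
    """Goguen-Meseguer purge: remove every command issued by a user in group."""
    return [cmd for cmd in trace if cmd[0] not in group]


def view(outs, user):
    """The outputs a single user observes, in order."""
    return [o for u, o in outs if u == user]


def noninterfering(allowed, group, observer, max_len=3):
    """Test group :| observer (group does not interfere with observer):
    for every trace w up to max_len, observer's view of run(w) must equal
    its view of run(purge(w, group)). Returns (ok, counterexample_trace)."""
    for n in range(max_len + 1):
        for trace in product(COMMANDS, repeat=n):
            trace = list(trace)
            seen = view(run(trace, allowed), observer)
            purged = view(run(purge(trace, group), allowed), observer)
            if seen != purged:
                return False, trace
    return True, None


if __name__ == "__main__":
    for name, pol in (("strict", strict_policy), ("leaky", leaky_policy)):
        ok, witness = noninterfering(pol, {"high"}, "low")
        print(f"{name}: high :| low holds = {ok}, witness = {witness}")
```

Under the strict policy every high command is invisible to the low observer, so purging them leaves low's view unchanged; under the leaky policy the search returns a two-command witness in which high writes the low variable and low then reads it. Reversing the roles (purging low's commands and observing as high) fails even under the strict policy, because write-up is permitted, which is the expected asymmetry of the classical definition.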

[1] J. A. Goguen and J. Meseguer. Unwinding and Inference Control. 1984 IEEE Symposium on Security and Privacy, 1984.

[2] J. T. Haigh et al. Extending the Non-Interference Version of MLS for SAT. 1986 IEEE Symposium on Security and Privacy, 1987.

[3] D. E. Bell and L. J. LaPadula. Secure Computer System: Unified Exposition and Multics Interpretation. 1976.

[4] J. K. Millen et al. Computer Security Models. 1984.