The Formal Development of a Secure Transaction Mechanism

This paper reports on the use of formal refinement in the development of a Transaction Processing (TP) mechanism for a secure database management system called SWORD. The SWORD specification, written in Z, defines the semantics of concurrent transactions which operate on shared databases without interfering. The specification is quite abstract: in contrast, our design for the TP mechanism (also specified in Z) is extremely complex since it achieves noninterference without using data locks. This paper describes our experience of using formal specification and refinement to develop the TP mechanism in a manner which is amenable to reasoning about its correctness.
