Specifying security constraints with relaxation lattices

This paper describes the relaxation lattice approach to specifying graceful degradation for a large class of systems. The method is applied to the security domain by identifying degraded system behaviors with those that can result from security violations, such as a user of one security class obtaining access rights associated with a higher class. The method can be used in two ways: (1) as a descriptive technique for specifying the behavior of existing systems in which breaches of security may inadvertently or unavoidably occur; and (2) as a formal design technique for specifying a range of behaviors, from ideal to undesired, of systems to be implemented.
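
The following is an added illustration of the idea sketched in the abstract, written for this page; it is not code from the paper and the paper defines no such program. It assumes a four-level linear classification (unclassified through top_secret), three single-access constraints (no_read_up, read_up_at_most_one, no_write_down) and a five-node relaxation lattice ordered by constraint-set inclusion, all of which are choices made for the example. The top node is the ideal specification; each lower node tolerates a particular kind of breach. best_fit supports the descriptive use (which lattice node an observed trace actually satisfies) and violations supports the design use (which constraints a candidate trace breaks at a chosen node).

```python
"""Toy relaxation-lattice checker for multilevel security (constructed example).

A behaviour is a list of accesses (subject_level, operation, object_level).
Each constraint is a predicate on a single access; a node of the relaxation
lattice is a set of constraints, ordered by inclusion, so the top node is the
ideal (every constraint holds) and the bottom node tolerates any breach.
The constraint names and lattice nodes below are assumptions made for this
example, not definitions taken from the paper.
"""
from typing import Callable, Dict, FrozenSet, List, Tuple

Access = Tuple[str, str, str]  # (subject_level, operation, object_level)

LEVELS = ["unclassified", "confidential", "secret", "top_secret"]
RANK = {lvl: i for i, lvl in enumerate(LEVELS)}


def dominates(a: str, b: str) -> bool:
    """True when level a is at least as high as level b."""
    return RANK[a] >= RANK[b]


# Assumed constraints on a single access.  "no_read_up" implies
# "read_up_at_most_one", so the ideal node lists both and inclusion order
# matches the intended strictness order.
CONSTRAINTS: Dict[str, Callable[[str, str, str], bool]] = {
    "no_read_up": lambda s, op, o: op != "read" or dominates(s, o),
    "read_up_at_most_one": lambda s, op, o: op != "read" or RANK[o] - RANK[s] <= 1,
    "no_write_down": lambda s, op, o: op != "write" or dominates(o, s),
}

# Assumed relaxation lattice.  Each value is the set of constraints that
# must hold for a behaviour to be acceptable at that node.
LATTICE: Dict[str, FrozenSet[str]] = {
    "ideal": frozenset({"no_read_up", "read_up_at_most_one", "no_write_down"}),
    "minor_read_leak": frozenset({"read_up_at_most_one", "no_write_down"}),
    "read_leaks_only": frozenset({"no_write_down"}),
    "write_leaks_only": frozenset({"no_read_up", "read_up_at_most_one"}),
    "unconstrained": frozenset(),
}


def violations(behaviour: List[Access], node: str) -> List[Tuple[str, Access]]:
    """Design use: every (constraint, access) pair that breaks the node's constraints."""
    return [
        (name, acc)
        for name in sorted(LATTICE[node])
        for acc in behaviour
        if not CONSTRAINTS[name](*acc)
    ]


def satisfied_constraints(behaviour: List[Access]) -> FrozenSet[str]:
    """Constraints that hold for every access in the behaviour."""
    return frozenset(
        name for name, pred in CONSTRAINTS.items()
        if all(pred(*acc) for acc in behaviour)
    )


def best_fit(behaviour: List[Access]) -> List[str]:
    """Descriptive use: the maximal lattice nodes the observed behaviour satisfies.

    Returns a list because a lattice may have several incomparable maximal
    nodes that fit; with the nodes above it is always a single name.
    """
    sat = satisfied_constraints(behaviour)
    fits = [n for n, cs in LATTICE.items() if cs <= sat]
    return sorted(
        n for n in fits
        if not any(LATTICE[n] < LATTICE[m] for m in fits)
    )


if __name__ == "__main__":
    # Constructed traces: one clean, one where a confidential subject reads a secret object.
    clean = [("secret", "read", "confidential"), ("confidential", "write", "secret")]
    one_level_leak = [("confidential", "read", "secret")]
    print(best_fit(clean))            # ['ideal']
    print(best_fit(one_level_leak))   # ['minor_read_leak']
    print(violations(one_level_leak, "ideal"))
```

Because the nodes are ordered by inclusion of constraint sets, a trace that slips from "ideal" to "minor_read_leak" is reported as exactly that one step of degradation rather than as a binary pass/fail, which is the distinction the abstract draws between ideal and undesired behavior.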
