Applying a theory of modules and interfaces to security verification

An overview is given of a theory of modules and interfaces applicable to the specification and verification of systems with a layered architecture. At the heart of this theory is a module composition theorem. The theory is applied to the specification of a distributed system consisting of subjects and objects in different hosts (computers). Formal specifications of a user interface and a network interface are given. Access to objects, both local and remote, offered by the distributed system is proved to be multilevel secure.<<ETX>>

[1]  Leslie Lamport,et al.  Artificial Intelligence and Language Processing ]acques Cohen Editor a Simple Approach to Specifying Concurrent Systems , 2022 .

[2]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[3]  John Rushby,et al.  The Bell and La Padula Security Model , 1986 .

[4]  Daryl McCullough,et al.  A Hookup Theorem for Multilevel Security , 1990, IEEE Trans. Software Eng..

[5]  Stephen T. Kent,et al.  Security Mechanisms in High-Level Network Protocols , 1983, CSUR.

[6]  Morrie Gasser,et al.  Building a Secure Computer System , 1988 .

[7]  James P. Anderson A Unification of Computer and Network Security Concepts , 1985, 1985 IEEE Symposium on Security and Privacy.

[8]  A. Udaya Shankar,et al.  Protocol Verification via Projections , 1984, IEEE Transactions on Software Engineering.

[9]  V. Varadharajan A multilevel security policy model for networks , 1990, Proceedings. IEEE INFOCOM '90: Ninth Annual Joint Conference of the IEEE Computer and Communications Societies@m_The Multiple Facets of Integration.

[10]  Stephen T. Walker Network Security Overview , 1985, 1985 IEEE Symposium on Security and Privacy.

[11]  Dan M. Nessett Factors Affecting Distributed System Security , 1986, 1986 IEEE Symposium on Security and Privacy.

[12]  Mary Ellen Zurko,et al.  A VMM security kernel for the VAX architecture , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[13]  Daryl McCullough,et al.  Noninterference and the composability of security properties , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[14]  Martín Abadi,et al.  The Existence of Refinement Mappings , 1988, LICS.

[15]  Leslie Lamport What it means for a concurrent program to satisfy a specification: why no one has specified priority , 1985, POPL '85.

[16]  A. Udaya Shankar,et al.  A Relational Notation for State Transition Systems , 1990, IEEE Trans. Software Eng..

[17]  Nancy A. Lynch,et al.  Hierarchical correctness proofs for distributed algorithms , 1987, PODC '87.

[18]  Daryl McCullough,et al.  Specifications for Multi-Level Security and a Hook-Up , 1987, 1987 IEEE Symposium on Security and Privacy.

[19]  C. A. R. Hoare,et al.  Communicating sequential processes , 1978, CACM.