Mechanizing Security In HOL

Four definitions or “models” of security are described formally and with examples. The formalization into HOL of three of these models is demonstrated. The relative strengths of these definitions are discussed with respect to adequacy, mechanizability, and provability. Mechanizability refers to how readily the model can be formalized in a language like HOL or EHDM [2]. Provability refers to the difficulty of verifying that a particular system has a desired security property. The “non-interference” and “restrictiveness” models described in sections 3 and 4 are concise and elegant, but verifying that a system has either of these properties generally involves lengthy and complicated inductions [1].
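The following is an added example, not code from the paper or from HOL. It makes the abstract's last point concrete on a toy two-domain state machine: the purge-based definition of non-interference is checked directly by exhaustive comparison over bounded traces, and then again through unwinding conditions on a candidate equivalence relation, which is the finite-state analogue of the induction on trace length that a HOL proof of non-interference carries out. The machines, the `inc` actions, the H/L domains, and the `view` relations are all constructed for illustration.

```python
"""Goguen-Meseguer non-interference on a small two-domain state machine.

Added example, not code from the paper: it contrasts the purge-based
definition of non-interference (an exhaustive check over bounded traces)
with an unwinding-style check on a candidate equivalence relation, the
finite-state analogue of the induction a HOL proof would carry out.
Machines, actions and the H/L domains below are constructed for illustration.
"""
from collections import namedtuple
from itertools import product

Action = namedtuple("Action", "user cmd")
L, H = "L", "H"                      # low and high security domains
ACTIONS = (Action(L, "inc"), Action(H, "inc"))


class Machine:
    """Deterministic state machine: initial state, transition, per-user output."""

    def __init__(self, init, step, output):
        self.init, self.step, self.output = init, step, output

    def run(self, trace):
        state = self.init
        for action in trace:
            state = self.step(state, action)
        return state


def purge(trace, user):
    """Delete every action of `user` from the trace."""
    return tuple(a for a in trace if a.user != user)


def all_traces(max_len):
    for n in range(max_len + 1):
        yield from product(ACTIONS, repeat=n)


def noninterfering(m, high, low, max_len=4):
    """Direct definition: H's actions never change what L observes.
    Exhaustive over traces up to max_len; returns (ok, counterexample)."""
    for trace in all_traces(max_len):
        seen = m.output(m.run(trace), low)
        expected = m.output(m.run(purge(trace, high)), low)
        if seen != expected:
            return False, trace
    return True, None


def unwinding(m, high, low, view, max_len=4):
    """Unwinding conditions for the relation s ~ t iff view(s) == view(t),
    checked over the states reachable in at most max_len steps:
      output consistency: s ~ t  =>  output(s, low) == output(t, low)
      step consistency:   s ~ t  =>  step(s, a) ~ step(t, a) for every a
      local respect:      a.user == high  =>  step(s, a) ~ s
    Passing implies non-interference (by induction on trace length); a
    failure only means this `view` is not an unwinding relation."""
    reachable = sorted({m.run(t) for t in all_traces(max_len)})
    for s in reachable:
        for a in ACTIONS:
            if a.user == high and view(m.step(s, a)) != view(s):
                return False, ("local respect", s, a)
        for t in reachable:
            if view(s) != view(t):
                continue
            if m.output(s, low) != m.output(t, low):
                return False, ("output consistency", s, t)
            for a in ACTIONS:
                if view(m.step(s, a)) != view(m.step(t, a)):
                    return False, ("step consistency", s, t, a)
    return True, None


# State is (low_counter, high_counter); each domain increments its own counter.
def step(state, action):
    low, high = state
    return (low + 1, high) if action.user == L else (low, high + 1)


# Secure: L sees only its own counter.  Leaky: L sees the sum of both,
# so every H increment is visible to L (a counting channel from H to L).
SECURE = Machine((0, 0), step, lambda s, u: s[0] if u == L else s)
LEAKY = Machine((0, 0), step, lambda s, u: s[0] + s[1] if u == L else s)

if __name__ == "__main__":
    print("secure, purge check:   ", noninterfering(SECURE, H, L))
    print("leaky, purge check:    ", noninterfering(LEAKY, H, L))
    print("secure, unwinding:     ", unwinding(SECURE, H, L, view=lambda s: s[0]))
    print("secure, identity view: ", unwinding(SECURE, H, L, view=lambda s: s))
    print("leaky, unwinding:      ", unwinding(LEAKY, H, L, view=lambda s: s[0]))
```

The two checks fail in different ways, which is the practical content of the abstract's remark about provability. The purge check reports a concrete violating trace (a single H increment suffices for the leaky machine) but only over a bounded trace length. The unwinding check is the inductive argument: it is sound for all traces, yet its success depends on choosing the right equivalence relation. With the identity relation even the secure machine fails local respect, because an H step changes the state, while the relation "same low counter" discharges all three conditions. In HOL this choice of relation, and the three conditions, become the lemmas of the induction.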

[1] José Meseguer et al. Unwinding and Inference Control. 1984 IEEE Symposium on Security and Privacy, 1984.

[2] Karl N. Levitt et al. Verification of secure distributed systems in higher order logic: A modular approach using generic components. Proceedings, 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991.

[3] Daryl McCullough et al. Specifications for Multi-Level Security and a Hook-Up. 1987 IEEE Symposium on Security and Privacy, 1987.

[4] J. Meseguer et al. Security Policies and Security Models. 1982 IEEE Symposium on Security and Privacy, 1982.

[5] Daryl McCullough et al. Noninterference and the composability of security properties. Proceedings, 1988 IEEE Symposium on Security and Privacy, 1988.