Non-interference through Determinism

The standard approach to the specification of a secure system is to present a (usually state-based) abstract security model separately from the specification of the system's functional requirements, and to establish a correspondence between the two specifications. This complex treatment has resulted in development methods distinct from those usually advocated for general applications.
