论文信息 - The Security Model of Enhanced HDM

The Security Model of Enhanced HDM

The Enhanced HDM Specification and Verification System being developed at SRI International includes an “MLS Checker” that automatically verifies the security of a certain class of system specifications. This paper gives a brief and informal overview of the security model on which the MLS checker is based and discusses its application and its relationship to other security models and to the requirements of the DoD Trusted Computer System Evaluation Criteria.

John Rushby | J. Rushby

[1] John Rushby,et al. The Bell and La Padula Security Model , 1986 .

[2] J K Millen,et al. Computer Security Models , 1984 .

[3] B. A. Hartman. A Gypsy-Based Kernel , 1984, 1984 IEEE Symposium on Security and Privacy.

[4] John M. Rushby,et al. Proof of separability: A verification technique for a class of a security kernels , 1982, Symposium on Programming.

[5] John McLean,et al. A Comment on the 'Basic Security Theorem' of Bell and LaPadula , 1985, Inf. Process. Lett..

[6] P. S. Tasker,et al. DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA , 1985 .

[7] Lawrence Robinson,et al. Proving multilevel security of a system design , 1977, SOSP '77.

[8] J. Meseguer,et al. Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.

[9] Jonathan M. Silverman,et al. Reflections on the verification of the security of an operating system kernel , 1983, SOSP '83.

[10] Richard J. Feiertag. A Technique for Proving Specifications are Multilevel Secure , 1980 .

[11] D. Elliott Bell,et al. Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[12] Carl E. Landwehr. A Survey of Formal Models for Computer Security. , 1981 .

[13] T. Taylor. Comparison Paper between the Bell and LaPadula Model , 1984, 1984 IEEE Symposium on Security and Privacy.