Security function interactions

We use a compositional framework to model security architectures involving heterogeneous and distributed security functions. Our goal is to assist the ITSEC evaluation of the suitability, binding, and vulnerability of a set of security functions. We propose constraints that security functions should guarantee in order to interact consistently and securely with other functions. To illustrate these notions, we study the interactions of various components of a secure LAN.
