A formal approach for security evaluation

The authors discuss security issues and consider the extent to which internal relations among entities in a system should be taken into account when carrying out security analysis. They present a concrete and flexible security model expressed in terms of the internal relations in the system, rather than abstract state machines. Based on this model, security analysis can be carried out by decomposing the analysis of the whole system into analyses of subsets of the relations, and the security property of the whole system can be derived by composition of these secure relation subsets.
