An Architectural Refinement Approach Based on Trusted Channel in MLS Environment

Architectural refinement is an important approach to saving development costs and speeding up design and development. Traditional research usually focuses on the refinement of functions and components, so the additional information flows generated without supervision during the refinement process, and the possible loss of consistency in the security structure, are not considered thoroughly. This paper proposes an architectural refinement approach based on trusted channels that works in an MLS (Multi-Level Security) environment. By applying the characteristics of trusted channels to the refinement of the functions and components in the security structure, the approach takes into account the security issues of additional information flow and of security-structure consistency that arise during refinement, and it uses TCB (trusted computing base) extension to illustrate architectural refinement and obtain a hierarchical TCB. This paper also gives a formal description of the approach and of the rules that must be followed when applying it. Finally, the security of the approach is proved using the noninterference model.