
The enforcement of security policies for computation. (English) Zbl 0383.68034

Summary: Security policies define who may use what information in a computer system. Protection mechanisms are built into a system to enforce security policies. In most systems, however, it is quite unclear what policies a mechanism can or does enforce. This paper defines security policies and protection mechanisms precisely and bridges the gap between them with the concept of soundness: whether a protection mechanism enforces a policy. Different sound protection mechanisms for the same policy can then be compared. We also show that the “union” of mechanisms for the same program produces a more “complete” mechanism. Although a “maximal” mechanism exists, it cannot necessarily be constructed.

MSC:

68N99 Theory of software
68N25 Theory of operating systems
