Applying the Composition Principle to Verify a Hierarchy of Security Servers (1998)

by Mark R. Heckman, Karl N. Levitt
in Proceedings of the 31st Hawaii International Conference on System Sciences, vol. 3, pp. 338-347
http://shangrila.cs.ucdavis.edu:1234/silo/hicss98.ps

Abstract:

This paper describes how the composition principle of Abadi and Lamport can be applied to specify and compose systems in which access control policies are distributed among a hierarchy of agents. Examples of such systems are layered secure operating systems, where the mandatory access control policy is enforced by the lowest system layer and discretionary and application-specific policies are implemented by outer layers, and microkernel operating systems, where the access control policy may be distributed among a hierarchy of server processes. We specifically consider the case of a microkernel-style operating system architecture, in which resource management policies are enforced by server processes outside of the kernel, and where the system access control policy is a composition of the distinct policies implemented by the servers. As an example, we have specified a two-server system, including both safety and progress properties. We formally verified the composition of the two server processes using the HOL theorem proving system.
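To make the composition concrete, here is an added example, written for this page and not taken from the paper's HOL development or its two-server specification. It models the layered case the abstract describes: an outer server enforcing a discretionary ACL forwards requests to an inner server enforcing a mandatory policy, and the system policy is the conjunction of the two. The clearance levels, the simplified read-down/write-up mandatory rule, the ACL contents and the subject and object names are all assumptions constructed for the example. The safety check enumerates every request in the finite universe and reports any grant that violates the mandatory invariant; the refinement check confirms that the message-passing server chain always replies and that its verdict matches the composed specification.

```python
"""Toy model of a two-server access-control hierarchy.

Assumed model, not the paper's HOL specification: an outer server
enforces a discretionary policy (an ACL) and forwards permitted
requests to an inner server that enforces a mandatory policy; a
request is granted only when every server on the path grants it.
Properties are checked by exhaustive enumeration over a small
constructed universe.
"""
from dataclasses import dataclass, field
from itertools import product
from typing import Callable, Dict, List, Optional, Set, Tuple

LEVELS = {"unclassified": 0, "secret": 1, "topsecret": 2}
OPS = ("read", "write")

Request = Tuple[str, str, str]  # (subject, object, operation)
Policy = Callable[[Request], bool]


@dataclass
class Universe:
    clearance: Dict[str, str]             # subject -> level name
    classification: Dict[str, str]        # object  -> level name
    acl: Dict[str, Dict[str, Set[str]]]   # object  -> op -> subjects

    def requests(self) -> List[Request]:
        """Every (subject, object, op) triple: the finite state space we check."""
        return list(product(self.clearance, self.classification, OPS))


def mac_policy(u: Universe) -> Policy:
    """Assumed mandatory rule: read only at or below clearance, write only at or above it."""
    def decide(req: Request) -> bool:
        s, o, op = req
        cl, cs = LEVELS[u.clearance[s]], LEVELS[u.classification[o]]
        return cl >= cs if op == "read" else cl <= cs
    return decide


def dac_policy(u: Universe) -> Policy:
    """Discretionary rule: the object's ACL must list the subject for that operation."""
    def decide(req: Request) -> bool:
        s, o, op = req
        return s in u.acl.get(o, {}).get(op, set())
    return decide


def compose(chain: List[Policy]) -> Policy:
    """Composed policy of a server hierarchy: granted only if every server grants."""
    return lambda req: all(p(req) for p in chain)


@dataclass
class Server:
    """A server process: applies its own policy, then forwards to the next server inward."""
    name: str
    policy: Policy
    inner: Optional["Server"] = None
    log: List[str] = field(default_factory=list)

    def handle(self, req: Request) -> bool:
        self.log.append(f"{self.name}: recv {req}")
        if not self.policy(req):
            self.log.append(f"{self.name}: deny")
            return False
        if self.inner is None:
            self.log.append(f"{self.name}: grant")
            return True
        verdict = self.inner.handle(req)  # the inner server always replies
        self.log.append(f"{self.name}: reply {verdict} from {self.inner.name}")
        return verdict


def check_safety(u: Universe, system: Policy, invariant: Policy) -> List[Request]:
    """Safety: every request the system grants that violates the invariant (empty = safe)."""
    return [r for r in u.requests() if system(r) and not invariant(r)]


def refines(u: Universe, outer: Server, spec: Policy) -> bool:
    """Progress plus correctness: every request gets a decision from the server
    chain, and that decision equals the composed specification."""
    return all(outer.handle(r) == spec(r) for r in u.requests())


# Constructed sample universe (not from the paper).
U = Universe(
    clearance={"alice": "topsecret", "bob": "unclassified"},
    classification={"plan.doc": "topsecret", "memo.txt": "unclassified"},
    acl={
        "plan.doc": {"read": {"alice", "bob"}, "write": {"alice"}},
        "memo.txt": {"read": {"alice", "bob"}, "write": {"alice", "bob"}},
    },
)
MAC, DAC = mac_policy(U), dac_policy(U)
SYSTEM = compose([DAC, MAC])


def build_system(u: Universe = U) -> Server:
    """Outer discretionary server in front of an inner mandatory server."""
    return Server("dac-server", dac_policy(u), inner=Server("mac-server", mac_policy(u)))


if __name__ == "__main__":
    # The ACL alone lets bob read plan.doc; the mandatory layer stops it.
    print("DAC-only violations:", check_safety(U, DAC, MAC))
    print("composed violations:", check_safety(U, SYSTEM, MAC))
    srv = build_system()
    print("chain refines composed spec:", refines(U, srv, SYSTEM))
    print("\n".join(srv.log[:4]))
```

The point the enumeration makes is the one the abstract relies on: an outer layer's discretionary policy can only further restrict what the inner mandatory layer allows, so composing the servers conjunctively preserves the inner layer's safety property no matter what the ACL says. In the paper this is established as a theorem in HOL over the servers' specifications; here it is only checked over a small finite universe.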

Citations

Conjoining specifications – Abadi, Lamport - 1995
The existence of refinement mappings – Abadi, Lamport - 1991
A simple approach to specifying concurrent systems – Lamport - 1989
A general theory of composition for trace sets closed under selective interleaving functions – McLean - 1994
A Study in Operating System Verification – Kit - 1989
TCB Subsets for Incremental Evaluation – Shockley, Schell - 1987
Access mediation in a message passing kernel – Branstad, Tajalli, et al. - 1989
Toward an Understanding of Extensible Architectures for Evaluated Trusted Computer System Products – Schaefer, Schell - 1984
Department of Defense Trusted Computer System Evaluation Criteria – National Computer Security Center; Saydjari, Turner, et al. - 1985
Trusted distributed computing: Using untrusted network software – Sebes, Feiertag - 1991