J. K. Millen, Unwinding Forward Correctability, in: Proc. of the IEEE Computer Security Foundations Workshop (CSFW'94), IEEE Computer Society Press, 1994, pp. 2-10.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....improving on the polynomial time complexity required by the Compositional Security Checker Cosec presented in [5] The second characterization is based on unwinding conditions. This kind of conditions for possibilistic security properties have been previously proposed in many papers, see, e.g. [14, 32, 27, 18]. All such conditions have been proposed for traces based models and are, in most cases, only sucient for the respective security properties. Here we propose new necessary and sucient unwinding conditions for bisimulation based properties. In [1] we show how unwinding conditions can be exploited ....

J. K. Millen. Unwinding Forward Correctability. In Proc. of the IEEE Computer Security Foundations Workshop, pages 2-10. IEEE Computer Society Press, 1994.

....improving on the polynomial time complexity required by the Compositional Security Checker Cosec presented in [5] The second characterization is based on unwinding conditions. This kind of conditions for possibilistic security properties have been previously proposed in many papers, see, e.g. [13, 32, 26, 17]. All such conditions have been proposed for traces based models and are, in most cases, only sucient for the respective security properties. Here we propose new necessary and sucient unwinding conditions for bisimulation based properties. In [2] we show how unwinding conditions can be exploited ....

J. K. Millen. Unwinding Forward Correctability. In Proc. of the IEEE Computer Security Foundations Workshop, pages 2-10. IEEE Computer Society Press, 1994.

....property of high level actions and (ii) we exploit this local property in order to de ne a proof system which provides a very ecient technique for the development and veri cation of P BNDC processes. The unwinding condition, similar to other already proposed in di erent settings (see, e.g. [15, 18, 20, 24]) requires that every high level event is simulable by a sequence of internal moves, i.e, that every time a high level event is performed moving the system to a state E , a state E is also reachable (through internal computation) which is equivalent to E from a low level point of view, ....

....focus on observable actions not belonging to H . In the following we propose another characterization of P BNDC processes which allows us to express P BNDC in terms of a local property of high level actions. This characterization recalls the unwinding conditions proposed in other settings (e.g. [15, 18, 20, 24]) Theorem 1. Let E 2 E be a process. E 2 P BNDC i if E E i E j , then E i = E k and E j n H E k n H. The class of P BNDC processes enjoys the following compositional properties. Lemma 2 (Compositionality) The following properties hold: 1. if E is a closed process in EL , then ....

J. K. Millen. Unwinding Forward Correctability. In Proceedings of the Computer Security Foundations Workshop, pages 2-10, 1994.

....of high level actions and (ii) we exploit this local property in order to define a proof system which provides a very efficient technique for the development and verification of P BNDC processes. The unwinding condition, similar to other already proposed in different set tings (see, e.g. [16, 18, 20, 24]) requires that every high level event is simulable by a sequence of internal moves, i.e, that every time a high level event is performed moving the system to a state E , a state E is also reachable (through internal computation) which is equivalent to E from a low level point of view, written ....

....focus on observable actions not belonging to H. In the following we propose another characterization of P BNDC processes which allows us to express P BNDC in terms of a local property of high level actions. This characterization recalls the unwinding conditions proposed in other settings (e.g. [16, 18, 20, 24]) In [16] it is shown how unwinding conditions can be used for the verification of security properties. Here we use our characterization to prove the correctness of the proof system defined in the next sections. Theorem 1. Let E be a process. E P BNDC if E Ei Ej, then Ei Ek and Ej H Ek H. ....

J. K. Millen. Unwinding Forward Correctability. In Proc. of 7th Computer Security Foundations Workshop, pages 2-10. IEEE, 1994.

....the equivalence between a trace based security condition and a transition based security condition is called an unwinding theorem. All of the unwinding theorems presented in the literature have dealt with specific security properties [Goguen Meseguer84] McCullough90] Bevier Young94] Millen94] The specific details of these are not important at this time. Generally, an unwinding theorem takes the following form. Given a system and a sensitivity level, an equivalence relation is imposed on the system states. Then a condition is given on how users of different sensitivity levels can ....

....through system output to a user at level s or below, either now or after futher inputs. The noninterference policy is satisfied if and only if high level inputs have no apparent effect on a low user s view, because they cause transitions to states in the same equivalence set. Millen94] 2.7. Summary In this chapter we have presented some of the relevant research. In future chapters we will build upon this work to provide a general framework for the analysis of security properties. 3. Components and Systems Mathematics possesses not only truth, but supreme beauty a ....

[Article contains additional citation context not shown here]

Jonathan K. Millen. "Unwinding Forward Correctability," Proceedings of the Computer Security Foundations Workshop VII, pages 2-10. IEEE Computer Society, June 1994.

....safety and liveness properties [McL94] As expected, this makes it dicult to prove that a system is secure for such a property. Thus, it is especially desirable to have unwinding conditions which simplify such proofs. Nevertheless, unwinding of possibilistic security has been mostly neglected (see [GCS91,Rya91,Mil94] for exceptions) This article seeks to ll the gap by deriving unwinding conditions for a large class of possibilistic security properties. All unwinding conditions presented are sucient to guarantee security and some are also necessary. One novelty is that the unwinding conditions are based on ....

.... in a slightly di erent setting by exploiting a correspondence between security and process equivalence [RS99] The bene t was that the results could be achieved easily (like in our approach) Unwinding conditions for forward correctability, another possibilistic security property, were derived in [Mil94]. Again, the conditions are based on an equivalence relation. Although the unwinding conditions require the investigation of two step transitions (caused by the peculiarities of forward correctability) they yield a substantial improvement compared to investigating complete traces. The modular ....

Jonathan K. Millen. Unwinding Forward Correctability. In Proceedings of the Computer Security Foundations Workshop, pages 2-10, 1994.

No context found.

J. K. Millen, Unwinding Forward Correctability, in: Proc. of the IEEE Computer Security Foundations Workshop (CSFW'94), IEEE Computer Society Press, 1994, pp. 2-10.

No context found.

J. K. Millen. Unwinding Forward Correctability. In Proc. of 7th Computer Security Foundations Workshop, pages 2-10. IEEE, 1994.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC