P. G. Neumann, "On Hierarchical Designs of Computer Systems for Critical Applications," IEEE Trans. Software Eng., SE-12, no. 9, Sept. 1986, pp. 905-920.
....and it is clear that they should be the only way to interact with the system. The user views should have access to the set of authorization rules to allow or deny access to the conceptual objects in the system (Figure 5). Clearly, the lower levels must participate in the enforcement of the rules [Fern95a, Neum86]; the user should not be able to bypass the authorization defined in the views. Approaches such as capabilities, cryptography, etc. are valuable for this purpose, but security restrictions should not be defined at these levels; these approaches only enforce the rules defined at the application ....
P. G. Neumann, "On hierarchical design of computer systems for critical applications," IEEE Transactions on Software Engineering , September 1986, pp. 905-920.
....is designed to prevent the system from entering the unsafe state and return it to a known safe state. This safety kernel concept is similar in function to the one proposed by Leveson, et al., serving as a monitor with no clear means of actually enforcing safety policies for a system. Neumann [7] considers the idea of a safety trusted computing base as a part of his examination of whether the hierarchical design familiar in secure systems could be generalized to other critical applications. In describing a hierarchical design approach, Neumann ....
Neumann, P. G., "On Hierarchical Design of Computer Systems for Critical Applications, " IEEE Transactions on Software Engineering, Vol. SE-12, pp. 905-920, September 1986.
....the plant. Finally, it is worth pointing out that security requirements are of primary importance in the design of a power plant control system; however, those requirements can hardly be met in the absence of a reliable system behaviour, as discussed at length in [41]. Distributed auction bidding. It is required to design an electronic auction bidding system that can be used to carry out auctions, such as those held at Sotheby's and Christie's. The principal requirements to be met by one such system can be summarized as follows. 1. Participants from ....
P.G. Neumann, On Hierarchical Design of Computer Systems for Critical Applications, IEEE Trans. on Software Engineering, Vol. SE-12, No. 9, 1986, pp. 905 - 920.
....computing base. The fact that security predicates can be viewed as a special case of safety predicates has prompted various researchers to suggest adapting security techniques for application to other safety critical software. In particular, the idea of a kernel has been considered for safety [LSST83, Neu86, Rus89, WK94]. Proposals for safety kernels differ in subtle but important ways. Rushby makes a precise and convincing theoretical case for safety kernels [Rus89] and this paper adopts Rushby's model, which from here on is referred to as a Rushby kernel. For a Rushby kernel to enforce safety, two conditions ....
Peter G. Neumann. On hierarchical design of computer systems for critical applications. IEEE Transactions on Software Engineering, SE-12(9):905--920, September 1986.
....behaviour, also called "graceful degradation". It means that the system, in the event of certain faults, will continue to provide some service but with degraded performance or reduced functionality in order to compensate for the fault(s), cf. Leveson and Stolzy [76]. Sometimes, see Neumann [96], "fail soft" is defined as degradation in performance only. With such a definition, "fail soft" and "fail op" behaviour will be one and the same thing if performance is not included in the requirements. It should also be noted that real systems are seldom only "fail safe" or "fail op". Rather the ....
P. G. Neumann. On hierarchical design of computer systems for critical applications. IEEE Trans. on Software Engineering, 12(9):905-920, September 1986.
....predicates, called a "lower level". The methodology of specification and verification using hierarchical decomposition was pioneered by Dijkstra [Dij68] and extensively developed by Parnas [Par72, Par74]. Milestone systems to use this approach were SRI's PSOS [NBF 80] and SIFT [Wen78]. See [Neu86] for a recent contribution to this area. We use state of the art logical methods, the predicate action diagrams of Lamport [Lam94b], which, despite having a logically rigorous meaning concerning the states and actions of a system, require little more of the user than what she must know and use ....
P.G. Neumann. On hierarchical design of computer systems for critical applications. IEEE Transactions on Software Engineering, SE-12(9):905--920, September 1986.
....kernels in that security policies are more global (describing what) while those used here specify responses to particular errors (describing how). The distinction is made to demonstrate that the term kernel, as used here, is not directly analogous to its use in the security context. Neumann [40] considers the idea of a safety trusted computing base as a part of his examination of whether the hierarchical design familiar in secure systems could be generalized to other critical applications. In describing a hierarchical design approach, Neumann relies on the standard "uses" relation [42] ....
Neumann, P. G., "On Hierarchical Design of Computer Systems for Critical Applications, " IEEE Transactions on Software Engineering Vol. SE-12 (September 1986) pp. 905-920.
....the number of monitored sites in the plant. Finally, it is worth pointing out that security requirements are of primary importance in the design of a power plant control system; however, those requirements can hardly be met in the absence of a reliable system behaviour, as discussed at length in [33]. Distributed auction bidding. It is required to design an electronic auction bidding system that can be used to carry out auctions, such as those held at Sotheby's and Christie's. The principal requirements to be met by one such system can be summarized as follows. 1. Participants from different ....
Neumann PG (1986) On Hierarchical Design of Computer Systems for Critical Applications. IEEE Trans on Software Engineering, Vol. SE-12, No. 9, pp. 905 - 920.
P. G. Neumann, "On Hierarchical Designs of Computer Systems for Critical Applications," IEEE Trans. Software Eng., SE-12, no. 9, Sept. 1986, pp. 905-920.
P. G. Neumann, "On Hierarchical Design of Computer Systems for Critical Applications," IEEE Transactions on Software Engineering, SE-12, no. 9, Sept. 1986, pp. 905-920.
Neumann, Peter G., On hierarchical design of computer systems for critical applications, IEEE Transactions on Software Engineering, Volume SE-12, Number 9, September 1986, pp. 905-920.