Towards the formal modeling of a secure operating system (2000)
Abstract:
To construct a secure operating system with high assurance, it is essential that the security architecture of the operating system can be analyzed rigorously and that the architecture can be easily understood by the engineers who translate the design into code. In this paper we describe a partial model of the security policies of an operating system which implements a variant of the Bell-LaPadula model. In particular, we describe the privileges of trusted subjects and how they are used in granting accesses. We use a combination of an object-oriented modeling technique, the Unified Modeling Language (UML), and a mathematically based formal method called Higher-Order Logic (HOL). UML provides a visual, intuitive model that is easy to write and easily understood by engineers. HOL provides a rigorous model whose properties can be mechanically proved, thus allowing the correctness of the model to be established. UML models provide the structure for the natural language descriptions and the HOL models. HOL models add precise semantics to both the text descriptions and the UML models.
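As an added, executable illustration (not the paper's UML or HOL model), the Python sketch below states the two Bell-LaPadula access rules, adds a trusted-subject exemption, and then checks the kind of property a HOL model would be asked to prove: that no untrusted subject can move information from a higher label to a lower one. The privilege names, the label lattice and the subjects are assumptions constructed for the example.

```python
"""Executable sketch of Bell-LaPadula access checks with trusted-subject
privileges. Added example; the lattice and privilege names are assumed."""
from dataclasses import dataclass
from itertools import product

# Hierarchical levels of the label lattice (constructed for the example).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: self >= other iff level is >= and categories are a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


@dataclass(frozen=True)
class Subject:
    name: str
    label: Label
    # Privileges held by a trusted subject (assumed names, not from the paper).
    privileges: frozenset = frozenset()


def may_read(s: Subject, obj: Label) -> bool:
    """Simple security property (no read up), unless the subject holds READ_UP."""
    return s.label.dominates(obj) or "READ_UP" in s.privileges


def may_write(s: Subject, obj: Label) -> bool:
    """*-property (no write down), unless the subject holds WRITE_DOWN."""
    return obj.dominates(s.label) or "WRITE_DOWN" in s.privileges


def no_downward_flow(subjects, labels) -> bool:
    """Property to establish about the model: an untrusted subject can never
    both read an object at label hi and write an object at label lo < hi.
    Trusted subjects are exempt by design and must be audited separately."""
    for s in subjects:
        if s.privileges:
            continue
        for hi, lo in product(labels, labels):
            if hi.dominates(lo) and hi != lo and may_read(s, hi) and may_write(s, lo):
                return False
    return True
```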

