  • DocumentCode
    1805509
  • Title
    A security model of dynamic labelling providing a tiered approach to verification
  • Author
    Foley, Simon N. ; Gong, Li ; Qian, Xiaolei
  • Author_Institution
    Dept. of Comput. Sci., Univ. Coll. Cork, Ireland
  • fYear
    1996
  • fDate
    6-8 May 1996
  • Firstpage
    142
  • Lastpage
    153
  • Abstract
    In the proposed mandatory access control model, arbitrary label changing policies can be expressed. The relatively simple model can capture a wide variety of security policies, including high-water marks, downgrading, separation of duties, and Chinese Walls. The model forms the basis for a tiered approach to the formal development of secure systems, whereby security verification can be spread across what makes up the reference monitor and the security requirement specification. The advantage of this approach is that once a trusted computing base (TCB) is in place, reconfiguring it for different security requirements requires verification of just the new requirements. We illustrate the approach with a number of examples, including one policy that permits high-level subjects to make relabelling requests on low-level objects; the policy is multilevel secure.
  • Keywords
    formal verification; security of data; dynamic labelling; high-water marks; label changing policies; mandatory access control; reference monitor; secure systems; security model; security requirement specification; security verification; trusted computing base; verification; Access control; Computer science; Contracts; Data security; Educational institutions; Information security; Labeling; Lattices; Monitoring; Permission;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on
  • Conference_Location
    Oakland, CA
  • ISSN
    1081-6011
  • Print_ISBN
    0-8186-7417-2
  • Type
    conf
  • DOI
    10.1109/SECPRI.1996.502677
  • Filename
    502677