Affiliation:
1. Harvard University, Cambridge, MA
2. UNSW Australia, Sydney, NSW, Australia
Abstract
We demonstrate, by a number of examples, that information flow security properties can be proved from abstract architectural descriptions, which describe only the causal structure of a system and local properties of trusted components. We specify these architectural descriptions of systems by generalizing intransitive noninterference policies to admit the ability to filter information passed between communicating domains. A notion of refinement of such system architectures is developed that supports top-down development of architectural specifications and proofs by abstraction of information security properties. We also show that, in a concrete setting where the causal structure is enforced by access control, a static check of the access control setting plus local verification of the trusted components is sufficient to prove that a generalized intransitive noninterference policy is satisfied.
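The final claim of the abstract, that a static check of the access control setting can establish the causal structure a generalized intransitive noninterference policy requires, can be illustrated with a small model. The following is an added example, not code from the paper or its authors: it derives the direct information-flow edges implied by an access-control matrix (using the usual rule that u can influence v directly when u may write an object v may read, which is an assumption of this example, not the paper's definition) and checks that every such edge is permitted by the policy. The domain names, object names and the downgrader pipeline H -> D -> L are constructed for the example; the paper's filters, refinement relation and the local verification of the trusted component D are not modelled here.

```python
# Added example, not from the paper: static check that an access-control
# setting induces only flows permitted by an intransitive noninterference
# policy. All names and the interpretation rule below are assumptions.
from itertools import product

# Policy as a set of allowed direct edges (u, v); reflexive edges are
# implied. Constructed example: H -> D -> L. The policy is intransitive,
# so H -> L is NOT allowed; D is the trusted component that filters what
# reaches L, and its local behaviour must be verified separately.
POLICY = {("H", "D"), ("D", "L")}


def policy_allows(policy, u, v):
    """True if the policy permits a direct flow from u to v."""
    return u == v or (u, v) in policy


def induced_flows(acl):
    """Direct causal edges implied by an access-control setting.

    acl maps each domain to {"read": set_of_objects, "write": set_of_objects}.
    Interpretation rule (assumption): u can directly influence v iff u may
    write some object that v may read. The causal structure is therefore
    determined statically by the matrix, not by the domains' programs.
    """
    flows = set()
    for u, v in product(acl, repeat=2):
        if u != v and acl[u]["write"] & acl[v]["read"]:
            flows.add((u, v))
    return flows


def check_access_control(acl, policy):
    """Return the induced direct edges that the policy forbids.

    An empty result means the static check passes: the causal structure
    enforced by the access control is within the policy. It says nothing
    about what trusted components (here D) actually pass on; that is the
    separate local verification obligation.
    """
    return {e for e in induced_flows(acl) if not policy_allows(policy, *e)}


# Constructed matrix that enforces the pipeline: H writes to_d, D reads
# to_d and writes to_l, L reads to_l. No object is both writable by H and
# readable by L.
GOOD_ACL = {
    "H": {"read": {"secret"}, "write": {"secret", "to_d"}},
    "D": {"read": {"to_d"}, "write": {"to_l"}},
    "L": {"read": {"to_l"}, "write": {"public"}},
}

# Same matrix, but L has been granted read access to H's object "secret",
# which creates a direct H -> L edge that bypasses the filter D.
BAD_ACL = {
    "H": {"read": {"secret"}, "write": {"secret", "to_d"}},
    "D": {"read": {"to_d"}, "write": {"to_l"}},
    "L": {"read": {"to_l", "secret"}, "write": {"public"}},
}

if __name__ == "__main__":
    print("induced flows (good):", sorted(induced_flows(GOOD_ACL)))
    print("violations (good):", check_access_control(GOOD_ACL, POLICY))
    print("violations (bad): ", check_access_control(BAD_ACL, POLICY))
```

The check is deliberately a containment test on direct edges rather than on the transitive closure: for an intransitive policy, the existence of H -> D and D -> L must not be read as licensing H -> L, and the example reports exactly the direct edge that the access-control setting would add on top of the pipeline.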
Funder
Australian Research Council Discovery
National Science Foundation
Air Force Office of Scientific Research
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality; General Computer Science
Cited by
7 articles.