Extending the Noninterference Version of MLS for SAT. IEEE Transactions on Software Engineering - Special issue on computer security and privacy.
Correctness and composition of software architectures. SIGSOFT '94 Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering.
Correct Architecture Refinement. IEEE Transactions on Software Engineering - Special issue on software architecture.
What is Intransitive Noninterference? CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations.
Refinement of Information Flow Architectures. ICFEM '97 Proceedings of the 1st International Conference on Formal Engineering Methods.
CSP and determinism in security modelling. SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy.
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy.
Preserving Information Flow Properties under Refinement. SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy.
A refinement calculus for software components and architectures. Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering.
Information flow property preserving transformation of UML interaction diagrams. Proceedings of the eleventh ACM symposium on Access control models and technologies.
Computer.
Architecture-based refinements for secure computer systems design. Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services.
Secure Systems Development with UML.
Preserving security properties under refinement. Proceedings of the 7th International Workshop on Software Engineering for Secure Systems.
Analysing the information flow properties of object-capability patterns. FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust.
This paper deals with architectural designs that specify the components of a system and the permitted flows of information between them. In the process of systems development, one might refine such a design by viewing a component as being composed of subcomponents, and specifying permitted flows of information between these subcomponents and the other components in the design. The paper studies the soundness of such refinements with respect to a spectrum of different semantics for information flow policies. These include Goguen and Meseguer's purge-based definition, Haigh and Young's intransitive purge-based definition, and the more recent notions of TA-security, TO-security and ITO-security defined by van der Meyden. It is also shown that refinement preserves weak access control structure, an implementation mechanism that ensures TA-security.