Stating security requirements with tolerable sets

  • Authors: Dale M. Johnson; F. Javier Thayer
  • Affiliations: MITRE Corporation, Burlington Road, Bedford, MA (both authors)
  • Venue: ACM Transactions on Computer Systems (TOCS)
  • Year: 1988

Abstract

This paper introduces and develops the concept of tolerable sets for analyzing general security requirements. Tolerable sets, and corresponding purging functions and invisibility based on the sets, are used to state and test such requirements. The approach used in this paper resulted from our attempt to apply the noninterference ideas of Goguen and Meseguer to the problem of stating special security requirements in the case of so-called trusted subjects. It turns out that the conditional purging function defined by Goguen and Meseguer is only one example, though an important one, of a conditional purging function. This paper provides a definition and characterization of a general class of purging functions similar to the purging function of Goguen and Meseguer. Furthermore, it relates purging and invisibility to security requirements. Some particular applications are described toward the end of the paper. At the end there are some critical remarks about purging functions.