Lattice-Based Access Control Models
Computer
Enriching the Expressive Power of Security Labels
IEEE Transactions on Knowledge and Data Engineering
Verification of a Formal Security Model for Multiapplicative Smart Cards
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
What is Intransitive Noninterference?
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Absorbing covers and intransitive non-interference
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Practical Domain and Type Enforcement for UNIX
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
The multics system: an examination of its structure
The multics system: an examination of its structure
Refinement of State-Based Systems: ASMs and Big Commuting Diagrams (Abstract)
ABZ '08 Proceedings of the 1st international conference on Abstract State Machines, B and Z
Abstract Specification of the UBIFS File System for Flash Memory
FM '09 Proceedings of the 2nd World Congress on Formal Methods
| Hi-index | 0.00 |
We present two generic formal security models for operating systems of multiapplicative smart cards. The models formalize the main security aspects of secrecy, integrity, secure communication between applications and secure downloading of new applications. The first model is as abstract as possible, whereas the second extends the first by adding practically relevant issues such as a structured file system. The models satisfy a common security policy consisting of authentication and intransitive noninterference. The policy extends the classical security policy of Bell/LaPadula and Biba models, but avoids the need for trusted processes that are allowed to circumvent the security policy. Instead trusted processes are incorporated directly in the model itself and are subject to the security policy. The security policy has been formally proven to be correct for both models.