A comment on the `basic security theorem' of Bell and LaPadula
Information Processing Letters
Communicating sequential processes
Communicating sequential processes
Beauty is our business
A CSP formulation of non-interference and unwinding
Cipher: IEEE Computer Society Technical Committee Newsletter on Security & Privacy
The Z notation: a reference manual
The Z notation: a reference manual
Programming from specifications (2nd ed.)
Programming from specifications (2nd ed.)
A classical mind
Specification and Validation of a Security Policy Model
IEEE Transactions on Software Engineering
Non-Interference Through Determinism
ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
Refinement of State-Based Concurrent Systems
VDM '90 Proceedings of the Third International Symposium of VDM Europe on VDM and Z - Formal Methods in Software Development
Refining Action Systems within B-Tool
FME '96 Proceedings of the Third International Symposium of Formal Methods Europe on Industrial Benefit and Advances in Formal Methods
VDM '91 Proceedings of the 4th International Symposium of VDM Europe on Formal Software Development-Volume 2: Tutorials
Decentralization of process nets with centralized control
PODC '83 Proceedings of the second annual ACM symposium on Principles of distributed computing
CSP and determinism in security modelling
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
| Hi-index | 0.00 |
To be generally useful a theory must be both intellectually sound and practically applicable. We consider the noninterference approach to security specification, focusing in particular on Roscoe's work on nondeterminism. This provides a starting point for reflecting on what features are desirable in a development method for secure systems. In an attempt to meet at least some of these requirements we use action systems which combine both event and state-based specification approaches. Using Butler's correspondence between action systems and CSP we define determinism and security properties directly in action systems. We give examples of the action system approach and discuss its advantages and disadvantages.