A technique for software module specification with examples
Communications of the ACM
A note on the confinement problem
Communications of the ACM
HYDRA: the kernel of a multiprocessor operating system
Communications of the ACM
Cooperation of mutually suspicious subsystems in a computer utility
Protection in programmed systems
Secure information flow in computer systems
The Multics system: an examination of its structure
On the Identification of Covert Storage Channels in Secure Systems
IEEE Transactions on Software Engineering
Data Dependency Graphs for Ada Programs
IEEE Transactions on Software Engineering
Secure databases: protection against user influence
ACM Transactions on Database Systems (TODS)
Formal Models for Computer Security
ACM Computing Surveys (CSUR)
An Axiomatic Approach to Information Flow in Programs
ACM Transactions on Programming Languages and Systems (TOPLAS)
Certification of programs for secure information flow
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
Certifying information flow properties of programs: an axiomatic approach
POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
A hardware architecture for controlling information flow
ISCA '78 Proceedings of the 5th annual symposium on Computer architecture
Possibility theory: As a means for modeling computer security and protection
MVL '78 Proceedings of the eighth international symposium on Multiple-valued logic
Protection in the Hydra Operating System
SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
Information transmission in computational systems
SOSP '77 Proceedings of the sixth ACM symposium on Operating systems principles
A mechanism for information control in parallel systems
SOSP '79 Proceedings of the seventh ACM symposium on Operating systems principles
Dynamic label binding at run-time
Proceedings of the 2003 workshop on New security paradigms
Architectural approaches to secure databases
ACM SIGSMALL Newsletter
IBM Systems Journal
On declassification and the non-disclosure policy
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
Turtles all the way down: a clean-slate, ground-up, first-principles approach to secure systems
Proceedings of the 2012 workshop on New security paradigms
Security policies define who may use what information in a computer system. Protection mechanisms are built into a system to enforce security policies. In most systems, however, it is quite unclear what policies a mechanism can or does enforce. This paper defines security policies and protection mechanisms precisely and bridges the gap between them with the concept of soundness: whether a protection mechanism enforces a policy. Different sound protection mechanisms for the same policy can then be compared. We also show that the “union” of mechanisms for the same program produces a more “complete” mechanism. Although a “maximal” mechanism exists, it cannot necessarily be constructed.