A Security Model for Military Message Systems: Retrospective

  • Authors:
  • C. Landwehr; C. Heitmeyer; J. McLean

  • Venue:
  • ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
  • Year:
  • 2001

Abstract

Military systems that process classified information must operate in a secure manner; that is, they must adequately protect information against unauthorized disclosure, modification, and withholding. A goal of current research in computer security is to facilitate the construction of multilevel secure systems, systems that protect information of different classifications from users with different clearances. Security models are used to define the concept of security embodied by a computer system. A single model, called the Bell and LaPadula model, has dominated recent efforts to build secure systems but has deficiencies. We are developing a new approach to defining security models based on the idea that a security model should be derived from a specific application. To evaluate our approach, we have formulated a security model for a family of military message systems. This paper introduces the message system application, describes the problems of using the Bell-LaPadula model in real applications, and presents our security model both informally and formally. Significant aspects of the security model are its definition of multilevel objects and its inclusion of application-dependent security assertions. Prototypes based on this model are being developed.

Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General--Security and protection; D.4.6 [Operating Systems]: Security and Protection--access controls; information flow controls; verification; F.3.1 [Logics and Meaning of Programs]: Specifying and Verifying and Reasoning about Programs--assertions; invariants; specification techniques; H.4.3 [Information Systems Applications]: Communications Applications--electronic mail