A Formal Method for the Abstract Specification of Software
Journal of the ACM (JACM)
A security model for military message systems
ACM Transactions on Computer Systems (TOCS)
A comment on the 'basic security theorem' of Bell and LaPadula
Information Processing Letters
Cryptography and data security
Cryptography and data security
Information systems security design methods: implications for information systems development
ACM Computing Surveys (CSUR)
A graduate course in computing security technology
SIGCSE '93 Proceedings of the twenty-fourth SIGCSE technical symposium on Computer science education
A General Theory of Composition for a Class of "Possibilistic" Properties
IEEE Transactions on Software Engineering
Provably secure programming languages for remote evaluation
ACM Computing Surveys (CSUR) - Special issue: position statements on strategic directions in computing research
Multicast security and its extension to a mobile environment
Wireless Networks
New paradigms for high assurance software
NSPW '92-93 Proceedings on the 1992-1993 workshop on New security paradigms
An Application of Formal Analysis to Software in a Fault-Tolerant Environment
IEEE Transactions on Computers
A Per Model of Secure Information Flow in Sequential Programs
Higher-Order and Symbolic Computation
A Per Model of Secure Information Flow in Sequential Programs
ESOP '99 Proceedings of the 8th European Symposium on Programming Languages and Systems
Access Control: Policies, Models, and Mechanisms
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design: Tutorial Lectures
Securing Communication in a Concurrent Language
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
Automatic placement of authorization hooks in the linux security modules framework
Proceedings of the 12th ACM conference on Computer and communications security
NETRA: seeing through access control
Proceedings of the fourth ACM workshop on Formal methods in security
A review of information security issues and respective research contributions
ACM SIGMIS Database
Enforcing provisioning and authorization policy in the Antigone system
Journal of Computer Security
Security Functional Components for Building a Secure Network Computing Environment
Information Systems Security
On a formal framework for security properties
Computer Standards & Interfaces
IT-security and privacy: design and use of privacy-enhancing security mechanisms
IT-security and privacy: design and use of privacy-enhancing security mechanisms
A formal approach to security architectures
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
A new trust framework for resource-sharing in the grid environment
ICCS'05 Proceedings of the 5th international conference on Computational Science - Volume Part III
Capabilities for information flow
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Leveraging "choice" to automate authorization hook placement
Proceedings of the 2012 ACM conference on Computer and communications security
Enforcing confidentiality in relational databases by reducing inference control to access control
ISC'07 Proceedings of the 10th international conference on Information Security
A description is given of computer security models in general and the model of D. Bell and L. LaPadula (Tech. Rep. MTR-2997, Mitre Corp., 1976) in particular. The Bell and LaPadula (BLP) model is the backbone of the National Computer Security Center's evaluation process for trusted computer systems. Although discretionary access control is briefly addressed, the focus is on mandatory access control (MAC) in national security. However, the issues addressed are relevant to any setting in which MAC-like restrictions arise. It is shown that security is a fruitful research area for those interested in software specification, since some of the most difficult issues in specifying security have analogs in other domains. The limitations of the BLP model are examined. For example, it has little relevance for systems in which users can change their own security levels or those of their files, and it is inadequate for expressing requirements that certain operations cannot be performed by a single individual working alone. It is shown how BLP's limitations can be remedied by a framework of models, making it more useful to those interested in industrial security.