Lessons learned using alloy to formally specify MLS-PCA trusted security architecture

Authors:
Brant Hashii
Affiliations:
Northrop Grumman Corporation
Venue:
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Year:
2004

Citing 11
Cited 0

Authentication and authenticated key exchanges

Designs, Codes and Cryptography
Cost profile of a highly assured, secure operating system

ACM Transactions on Information and System Security (TISSEC)
A micromodularity mechanism

Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering
Lattice-Based Access Control Models

Computer
Verification of a Formal Security Model for Multiapplicative Smart Cards

ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
A Model of Cooperative Noninterference for Integrated Modular Avionics

DCCA '99 Proceedings of the conference on Dependable Computing for Critical Applications
Design and verification of secure systems

SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
MAGE: A Distributed Programming Model

ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
BLACKER: Security for the DDN, Examples of A1 Security Engineering Trades

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Compact FPGA-based True and Pseudo Random Number Generators

FCCM '03 Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
MLS-PCA: A High Assurance Security Architecture for Future Avionics

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference

Quantified Score

Hi-index	0.02

Visualization

Abstract

In order to solve future Multi Level Security (MLS) problems, we have developed a solution based on the DARPA Polymorphous Computing Architecture (PCA). MLS-PCA uses a novel distributed process-level encryption scheme to provide high assurance separation between different security levels. High level security evaluations of the TCSEC and Common Criteria require formal specification. Further, in order to enhance our understanding of the model and to facilitate a high assurance implementation, we have formally specified the architecture in Alloy. This paper presents our efforts to produce the formal model and what we have learned from it. We found a number of errors and initiated design changes as a result of the modeling effort.