A security model for military message systems
ACM Transactions on Computer Systems (TOCS)
Selective and locally controlled transport of privileges
ACM Transactions on Programming Languages and Systems (TOPLAS) - Lecture notes in computer science Vol. 174
Operating system concepts (2nd ed.)
Operating system concepts (2nd ed.)
The theory of database concurrency control
The theory of database concurrency control
Extending the Noninterference Version of MLS for SAT
IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Security in computing
Building a secure computer system
Building a secure computer system
Social processes and proofs of theorems and programs
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
Protection in operating systems
Communications of the ACM
Proof of separability: A verification technique for a class of a security kernels
Proceedings of the 5th Colloquium on International Symposium on Programming
Protection in the Hydra Operating System
SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
The Multics kernel design project
SOSP '77 Proceedings of the sixth ACM symposium on Operating systems principles
Practical take-grant systems: do they exist?
Practical take-grant systems: do they exist?
A formal protection model of security in distributed systems
A formal protection model of security in distributed systems
A new security policy for distributed resource management and access control
NSPW '96 Proceedings of the 1996 workshop on New security paradigms
| Hi-index | 0.00 |
One way to show that a system is not secure is to demonstrate that a malicious or mistake-prone user or program can break security by causing the system to reach a nonsecure state. A fundamental aspect of a security model is a proof that validates that every state reachable from a secure initial state is secure. A sequential security model assumes that every command that acts as a state transition executes sequentially, while a concurrent security model assumes that multiple commands execute concurrently. This paper presents a security model called the Centralized-Parallel-Distributed model (CPD model) that defines security for logically, or physically centralized, parallel, and distributed systems. The purpose of the CPD model is to define concurrency conditions that guarentee that a concurrent system cannot reach a state in which privileges are configured in a nonsecure manner. As an example, the conditions are used to construct a representation of a distributed system.