A Dual Framework for High Assurance Distributed Object Security

High assurance security is extremely di cult to acheive in distributed computer systems due to their inherent non-determinism and heterogeneity. The practical application of formal methods is the key to high assurance security in open, distributed environments. This paper presents a methodology that applies formal methods within a dual framework to achieve secure interoperation of heterogeneous distributed objects. The framework is composed of two hierarchies, one containing the formal operational semantics of a distributed system and the other containing its axiomatic semantics in higher order logic. The foundation for the framework is provided by ROC, a process calculus tailored to concurrent and distributed objects. Successive layers in the hierarchies contain semantics for more abstract object models. The operational layers are endowed with ROC's formal semantics and can be used to derive axiomatic semantics for dual axiomatic layers. The axiomatic hierarchy contains HOL semantics for each layer of abstraction and thus supports high{level reasoning