Reasoning about Conndentiality Requirements
نویسنده
چکیده
Reeexive ow policies provide abstract characterizations of certain multilevel conndentiality requirements. This paper describes how reeexive ow policies can be used to construct and reason about large/complex multilevel policies. In particular, we describe how reeexive policies can be used to develop and reason about security policies for multilevel relational databases. Our approach facilitates a study of the relationship between security policy design and database design.
منابع مشابه
Specifying security for CSCW systems
CSCW systems provide computer support to facilitate cooperation between users. In this paper we propose an approach for the formal speciication of func-tionality requirements and conndentiality security requirements of a CSCW application. These requirements give rise to safety and conndentiality properties that a CSCW system, supporting the application, should uphold. The speciication technique...
متن کاملSecure Mediation: Requirements and Design
In this paper 1 we discuss the security requirements for mediation, and present our approach towards satisfying them, with an emphasis on conndentiality and authenticity. Furthermore we outline the design of the basic security mechanisms for mediators. Our basic approach suitably combines the concepts of credentials, for authentic authorization with some kind of anonymity , and of asymmetric en...
متن کاملSpecifying and Verifying Crypto-Protocols at the Design Level
The clear semantics of Abstract State Machines is tailored to the analysis of crypto-protocols in a realistic environment threatened by an active eavesdropper. The model is intermediate between the abstract approaches based on belief logics, and the lower level approaches based on traces of atomic actions. Properties are stated at the design level with little formal overhead, but reasoning abou...
متن کاملSpecifying Security for Computer Supported Collaborative Working
CSCW systems provide computer support to facilitate cooperation between users. This paper proposes an approach to the formal speciication of security requirements for CSCW applications, where a CSCW application is viewed as a collection of activities that users may participate in. The speciication approach is straightforward, and can be used to capture a wide variety of security requirements, i...
متن کاملUsing Trust Assumptions in Security Requirements Engineering
Assumptions about the trustworthiness of the various components of a system (including human components) can have a significant effect on the specifications derived from the system’s requirements. This position paper presents some early efforts to understand the relationships between general requirements, security requirements, and trust assumptions made during problem analysis. An outline of a...
متن کامل