This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
A Hookup Theorem for Multilevel Security
June 1990 (vol. 16 no. 6)
pp. 563-568

A security property for trusted multilevel systems, restrictiveness, is described. It restricts the inferences a user can make about sensitive information. This property is a hookup property, or composable, meaning that a collection of secure restrictive systems when hooked together form a secure restrictive composite system. It is argued that the inference control and composability of restrictiveness make it an attractive choice for a security policy on trusted systems and processes.

[1] D. E. Bell and L. J. LaPadula, "Secure computer system: Unified exposition and multics interpretation," Electron. Syst. Division, AFSC, Hanscom AF Base, Bedford, MA, Tech. Rep. ESD-TR-75-306, 1976.
[2] J. A. Goguen and J. Meseguer, "Security policies and security models," inProc. 1982 IEEE Symp. Security and Privacy.
[3] J. A. Goguen and J. Meseguer, "Unwinding and inference control," inProc. 1984 IEEE Symp. Security and Privacy.
[4] C.A.R. Hoare,Communicating Sequential Processes, Prentice Hall, Englewood, N.J., 1985.
[5] D. McCullough, "Foundations of Ulysses: The theory of security," Odyssey Research Associates, Ithaca, NY, Tech. Rep., 1988.
[6] D. McCullough, "Specifications for multilevel security and a hookup property," inProc. 1987 IEEE Symp. Security and Privacy.
[7] D. McCullough, "Covert channels and degrees of insecurity," inProc. 1988 Franconia Computer Security Foundations Workshop: The Mitre Corporation.
[8] R. Milner,A Calculus of Communicating Systems (Lecture Notes in Computer Science 92). New York: Springer-Verlag, 1980.
[9] D. Sutherland, "A model of information," inProc. 9th Nat. Comput. Security Conf., 1986.

Index Terms:
user inferences; hookup theorem; multilevel security; security property; trusted multilevel systems; restrictiveness; sensitive information; hookup property; composable; secure restrictive composite system; inference control; security policy; security of data; software engineering.
Citation:
D. McCullough, "A Hookup Theorem for Multilevel Security," IEEE Transactions on Software Engineering, vol. 16, no. 6, pp. 563-568, June 1990, doi:10.1109/32.55085
Usage of this product signifies your acceptance of the Terms of Use.