This Article 
 Bibliographic References 
 Add to: 
Miro: Visual Specification of Security
October 1990 (vol. 16 no. 10)
pp. 1185-1197

Miro is a set of languages and tools that support the visual specification of file system security. Two visual languages are presented: the instance language, which allows specification of file system access, and the constraint language, which allows specification of security policies. Miro visual languages and tools are used to specify security configurations. A visual language is one whose entities are graphical, such as boxes and arrows, specifying means stating independently of any implementation the desired properties of a system. Security means file system protection: ensuring that files are protected from unauthorized access and granting privileges to some users, but not others. Tools implemented and examples of how these languages can be applied to real security specification problems are described.

[1] A. L. Ambler and M. M. Burnett, "Visual languages and the conflict between single assignment and iteration," inProc. 1989 IEEE Workshop Visual Languages, Rome, Italy, Oct. 1989, pp. 138-143.
[2] D. E. Bell and L. J. LaPadula, "Secure computer systems: Mathematical foundations" (3 volumes), MITRE Corp., Bedford, MA, Tech. Rep. AD-770 768, AD-771 543, AD-780 528, Nov. 1973.
[3] T. Benzel, "Analysis of a kernel verification," inProc. 1984 IEEE Symp. Security and Privacy, Oakland, CA, May 1984, pp. 125-131.
[4] "Trusted computer system evaluation criteria," Comput. Security Center, U.S. Dep. Defense, Fort Meade, MD, Tech. Rep. CSC-STD- 001-83, Mar. 1985.
[5] Harel, D., "On Visual Formalisms,"Comm. ACM, Vol. 31, No. 5, 1988, pp. 514-530.
[6] A. Heydon, M. W. Maimone, J. D. Tygar, J. M. Wing, and A. Moormann Zaremski, "Constraining pictures with pictures," inProc. IFIP 11th World Computer Congress, San Francisco, CA, Aug. 1989, pp. 157-162.
[7] A. Heydon, M. W. Maimone, J. D. Tygar, J. M. Wing, and A. Moormann Zaremski, "Mirótools," inProc. 1989 IEEE Workshop Visual Languages, Oct. 1989, pp. 86-91.
[8] C. Hoffman,Group-Theoretic Algorithms and Graph Isomorphism. New York: Springer-Verlag, 1982.
[9] M. E. Kopache and E. P. Glinert, "C2: A mixed textual/graphical environment for C," inProc. IEEE Workshop Visual Languages. 1988, pp. 231-238.
[10] B. W. Lampson, "Protection," inProc. Fifth Annu. Princeton Conf. Information Science Systems, 1971, pp. 437-443; reprinted inACM Operat. Syst. Rev., vol. 8, no. 1, pp. 18-24, Jan. 1974.
[11] E. Luks, "Isomorphism of graphs of bounded valence can be tested in polynomial time," inProc. 21st Annu. Symp. Foundations of Computer Science, 1980, pp. 42-49.
[12] M. W. Maimone, J. D. Tygar, and J. M. Wing, "Formal semantics for visual specification of security," inVisual Languages and Visual Programming, S. K. Chang, Ed. New York: Plenum, 1990; a preliminary version of this paper appeared inProc. 1988 IEEE Workshop Visual Languages, Oct. 1988, pp. 45-51.
[13] J. McLean, "A comment on the "Basic security theorem" of Bell and LaPadula,"Inform. Processing Lett., vol. 20, pp. 67-70, 1985.
[14] J. McLean, "Reasoning about security models," inProc. 1987 IEEE Symp. Security and Privacy, Oakland, CA, Apr. 1987, pp. 123-131.
[15] B. A. Myers, "The Garnet user interface development environment: A proposal," Dep. Comput. Sci., Carnegie-Mellon Univ., Sept. 1988.
[16] P. G. Neumann, R. S. Boyer, R. J. Feiertag, K. N. Levitt, and L. Robinson, "A provably secure operating system: The system, its applications, and proofs, second edition," SRI, Tech. Rep. CSL-116, May 1980.
[17] M. Rabin and J. D. Tygar, "An integrated toolkit for operating system security," Aiken Computation Lab., Harvard Univ., Tech. Rep. TR-05-87, May 1987.
[18] R. Read and D. Corneil, "The graph isomorphism disease,"J. Graph Theory, vol. 1, pp. 339-363, 1977.
[19] M. Satyanarayan,et al., The ITC distributed file system: Principles and design," inProc. 10th Symp. Operating System Principles, Orcas Island, WA, Dec. 1985, pp. 35-50.
[20] J. D. Tygar and R. Ellickson, "Efficient netlist comparison using hierarchy and randomization," inProc. 22nd ACM/IEEE Design Automation Conf., 1985, pp. 702-708.
[21] J. D. Tygar and J. M. Wing, "Visual specification of security constraints," inProc. 1987 IEEE Workshop Visual Languages, Linkoping, Sweden, Aug. 1987.

Index Terms:
Miro; visual specification of security; file system security; instance language; constraint language; tools; boxes; arrows; security specification problems; security of data; specification languages; visual programming
A. Heydon, M.W. Maimone, J.D. Tygar, J.M. Wing, A.M. Zaremski, "Miro: Visual Specification of Security," IEEE Transactions on Software Engineering, vol. 16, no. 10, pp. 1185-1197, Oct. 1990, doi:10.1109/32.60298
Usage of this product signifies your acceptance of the Terms of Use.