A Hookup Theorem for Multilevel Security

Publication
1990
Issue No. 6 - June
Abstract - A Hookup Theorem for Multilevel Security

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by D. McCullough

June 1990 (vol. 16 no. 6)

pp. 563-568

	ASCII Text	x
	D. McCullough, "A Hookup Theorem for Multilevel Security," IEEE Transactions on Software Engineering, vol. 16, no. 6, pp. 563-568, June, 1990.

	BibTex	x
	@article{ 10.1109/32.55085, author = {D. McCullough}, title = {A Hookup Theorem for Multilevel Security}, journal ={IEEE Transactions on Software Engineering}, volume = {16}, number = {6}, issn = {0098-5589}, year = {1990}, pages = {563-568}, doi = {http://doi.ieeecomputersociety.org/10.1109/32.55085}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - JOUR JO - IEEE Transactions on Software Engineering TI - A Hookup Theorem for Multilevel Security IS - 6 SN - 0098-5589 SP563 EP568 EPD - 563-568 A1 - D. McCullough, PY - 1990 KW - user inferences; hookup theorem; multilevel security; security property; trusted multilevel systems; restrictiveness; sensitive information; hookup property; composable; secure restrictive composite system; inference control; security policy; security of data; software engineering. VL - 16 JA - IEEE Transactions on Software Engineering ER -

D. McCullough

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/32.55085

A security property for trusted multilevel systems, restrictiveness, is described. It restricts the inferences a user can make about sensitive information. This property is a hookup property, or composable, meaning that a collection of secure restrictive systems when hooked together form a secure restrictive composite system. It is argued that the inference control and composability of restrictiveness make it an attractive choice for a security policy on trusted systems and processes.

[1] D. E. Bell and L. J. LaPadula, "Secure computer system: Unified exposition and multics interpretation," Electron. Syst. Division, AFSC, Hanscom AF Base, Bedford, MA, Tech. Rep. ESD-TR-75-306, 1976.
[2] J. A. Goguen and J. Meseguer, "Security policies and security models," inProc. 1982 IEEE Symp. Security and Privacy.
[3] J. A. Goguen and J. Meseguer, "Unwinding and inference control," inProc. 1984 IEEE Symp. Security and Privacy.
[4] C.A.R. Hoare,Communicating Sequential Processes, Prentice Hall, Englewood, N.J., 1985.
[5] D. McCullough, "Foundations of Ulysses: The theory of security," Odyssey Research Associates, Ithaca, NY, Tech. Rep., 1988.
[6] D. McCullough, "Specifications for multilevel security and a hookup property," inProc. 1987 IEEE Symp. Security and Privacy.
[7] D. McCullough, "Covert channels and degrees of insecurity," inProc. 1988 Franconia Computer Security Foundations Workshop: The Mitre Corporation.
[8] R. Milner,A Calculus of Communicating Systems (Lecture Notes in Computer Science 92). New York: Springer-Verlag, 1980.
[9] D. Sutherland, "A model of information," inProc. 9th Nat. Comput. Security Conf., 1986.

Index Terms:

user inferences; hookup theorem; multilevel security; security property; trusted multilevel systems; restrictiveness; sensitive information; hookup property; composable; secure restrictive composite system; inference control; security policy; security of data; software engineering.

Citation:

D. McCullough, "A Hookup Theorem for Multilevel Security," IEEE Transactions on Software Engineering, vol. 16, no. 6, pp. 563-568, June 1990, doi:10.1109/32.55085

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.