Issue No.06 - June (1990 vol.16)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/32.55085
<p>A security property for trusted multilevel systems, restrictiveness, is described. It restricts the inferences a user can make about sensitive information. This property is a hookup property, or composable, meaning that a collection of secure restrictive systems when hooked together form a secure restrictive composite system. It is argued that the inference control and composability of restrictiveness make it an attractive choice for a security policy on trusted systems and processes.</p>
user inferences; hookup theorem; multilevel security; security property; trusted multilevel systems; restrictiveness; sensitive information; hookup property; composable; secure restrictive composite system; inference control; security policy; security of data; software engineering.
D. McCullough, "A Hookup Theorem for Multilevel Security", IEEE Transactions on Software Engineering, vol.16, no. 6, pp. 563-568, June 1990, doi:10.1109/32.55085