Issue No. 06 - June (1990 vol. 16)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/32.55085
<p>A security property for trusted multilevel systems, restrictiveness, is described. It restricts the inferences a user can make about sensitive information. This property is a hookup property, or composable, meaning that a collection of secure restrictive systems when hooked together form a secure restrictive composite system. It is argued that the inference control and composability of restrictiveness make it an attractive choice for a security policy on trusted systems and processes.</p>
user inferences; hookup theorem; multilevel security; security property; trusted multilevel systems; restrictiveness; sensitive information; hookup property; composable; secure restrictive composite system; inference control; security policy; security of data; software engineering.
D. McCullough, "A Hookup Theorem for Multilevel Security," in IEEE Transactions on Software Engineering, vol. 16, no. , pp. 563-568, 1990.