Abstract
The paper introduces a formal security model for a microprocessor hardware system. The model was developed as part of the evaluation of the processor product at ITSEC assurance level E4. Two aspects of the model are novel: integrity and confidentiality objectives must be defined at the hardware level without any operating system or application specification, and without a security policy, being given; and the model works over an abstract function and data space. The security model consists of a system model, given as a state transition automaton on infinite structures, and a formalisation of the security objectives as properties of the automaton's behaviours. Validity of the security properties is proved. The paper compares the model with published ones and summarises the lessons learned throughout the modelling process.
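The following Python sketch is an added illustration of what "security objectives as properties of automaton behaviours" means in practice; it is not the model from the paper (whose system model and proofs are not reproduced on this page). It builds a small, finite stand-in for the hardware: the abstract function space is the event list (mode switches, reads and writes), the data space is bounded to two values rather than being infinite, and cell 0 being "protected" is an assumption. Integrity is stated as a per-step property of every reachable behaviour (a protected cell changes only in a supervisor-mode step) and confidentiality as a noninterference-style property over pairs of behaviours (user-mode observations do not depend on protected contents). Both are checked by exhaustive exploration, with the hardware access check switchable so the checker also exhibits a violating trace.

```python
"""Constructed example: a bounded state-transition model of a processor
with integrity and confidentiality stated as trace properties.
Not the model of Lotz/Kessler/Walter; all parameters below are assumptions."""
from collections import deque
from itertools import product

PROTECTED = frozenset({0})   # assumption: memory cell 0 is protected
CELLS = (0, 1)
VALUES = (0, 1)              # bounded stand-in for the paper's infinite data space
INIT = ("user", (0, 0), 0)   # state = (mode, memory contents, register)

# Abstract function space: the events the hardware offers, independent of
# any OS or application policy (mode switches are abstracted as events).
EVENTS = (["enter_sv", "leave_sv"]
          + [("read", c) for c in CELLS]
          + [("write", c, v) for c in CELLS for v in VALUES])
USER_EVENTS = [e for e in EVENTS if e != "enter_sv"]


def step(state, event, enforce):
    """Deterministic transition. With enforce=True the hardware rejects
    user-mode access to protected cells (state unchanged, i.e. a fault)."""
    mode, mem, reg = state
    if event == "enter_sv":
        return ("sv", mem, reg)
    if event == "leave_sv":
        return ("user", mem, reg)
    kind, cell = event[0], event[1]
    if enforce and mode == "user" and cell in PROTECTED:
        return state
    if kind == "read":
        return (mode, mem, mem[cell])
    new_mem = list(mem)
    new_mem[cell] = event[2]
    return (mode, tuple(new_mem), reg)


def reachable(enforce):
    """All states reachable from INIT (the automaton's behaviours pass only
    through these, so per-step properties can be checked here)."""
    seen, queue = {INIT}, deque([INIT])
    while queue:
        s = queue.popleft()
        for e in EVENTS:
            t = step(s, e, enforce)
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return seen


def integrity_violation(enforce):
    """Integrity objective: a protected cell changes only on a step taken in
    supervisor mode. Returns a witnessing (state, event) or None."""
    for s in reachable(enforce):
        for e in EVENTS:
            t = step(s, e, enforce)
            if s[0] != "sv" and any(s[1][c] != t[1][c] for c in PROTECTED):
                return (s, e)
    return None


def observe(state):
    """What a user-mode observer sees: the register and unprotected memory."""
    _, mem, reg = state
    return (reg, tuple(mem[c] for c in CELLS if c not in PROTECTED))


def confidentiality_violation(enforce):
    """Noninterference-style confidentiality: two user-mode states that differ
    only in protected memory stay observationally equal under every sequence of
    user-mode events. Returns the distinguishing event sequence or None."""
    user_states = [("user", mem, reg)
                   for mem in product(VALUES, repeat=len(CELLS)) for reg in VALUES]
    start = [(a, b) for a in user_states for b in user_states
             if a != b and observe(a) == observe(b)]
    seen = set(start)
    queue = deque((pair, ()) for pair in start)
    while queue:
        (a, b), trace = queue.popleft()
        for e in USER_EVENTS:
            a2, b2 = step(a, e, enforce), step(b, e, enforce)
            if observe(a2) != observe(b2):
                return trace + (e,)
            if (a2, b2) not in seen:
                seen.add((a2, b2))
                queue.append(((a2, b2), trace + (e,)))
    return None


if __name__ == "__main__":
    for enforce in (False, True):
        print("enforce =", enforce,
              "| integrity witness:", integrity_violation(enforce),
              "| confidentiality witness:", confidentiality_violation(enforce))
```

Because the data space is bounded, exhaustive exploration terminates and doubles as a sanity check on the formalisation itself: if the unenforced variant produced no witness, the property, not the hardware, would be suspect. The paper's model is over infinite structures, where such properties are established by proof rather than enumeration.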
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
Cite this paper
Lotz, V., Kessler, V., Walter, G. (1999). A Formal Security Model for Microprocessor Hardware. In: Wing, J.M., Woodcock, J., Davies, J. (eds) FM’99 — Formal Methods. FM 1999. Lecture Notes in Computer Science, vol 1708. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48119-2_40
DOI: https://doi.org/10.1007/3-540-48119-2_40
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66587-8
Online ISBN: 978-3-540-48119-5
eBook Packages: Springer Book Archive