Security through type analysis
The objective of the work reported in this paper is to develop very low-cost techniques for demonstrating that the trusted software of a secure system has the security properties claimed for it. The approach also supports integrity properties. It is based on type checking, which ensures that an operation cannot be called with arguments it should not handle. This paper gives an informal technical description of the work with respect to a particular case study; an outline of the type checking algorithm is given in an appendix.
Keywords: Types, formal techniques, secure computer systems, security evaluation
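The following is an added illustration of the idea the abstract describes, not code from the paper or its case study: security classifications are carried as types, every operation declares the security types of its parameters and result, and a type checker rejects any call whose argument an operation should not handle. The two-level confidentiality and integrity lattices, the ordering rule (confidentiality may only rise across a call, integrity may only fall), the operation names and the sample environment are all this illustration's own assumptions.

```python
"""Toy checker for 'security through type analysis' (added illustration).

Each value carries a security type (confidentiality level, integrity
level); each operation declares the security types of its parameters and
result.  A call type-checks only if every argument may be handled by the
corresponding parameter.  Lattices, rule and example system are assumed.
"""
from dataclasses import dataclass
from typing import Dict, Tuple, Union

# Assumed two-level lattices.  Confidentiality: an Unclassified value may be
# handled by a parameter accepting Secret, never the reverse.  Integrity: a
# High-integrity value may feed a parameter tolerating Low, never the reverse.
CONF_RANK = {"Unclassified": 0, "Secret": 1}
INTEG_RANK = {"Low": 0, "High": 1}


@dataclass(frozen=True)
class SecType:
    conf: str   # key of CONF_RANK
    integ: str  # key of INTEG_RANK


def may_handle(formal: SecType, actual: SecType) -> bool:
    """True if a parameter declared `formal` may receive a value typed `actual`."""
    return (CONF_RANK[actual.conf] <= CONF_RANK[formal.conf]
            and INTEG_RANK[actual.integ] >= INTEG_RANK[formal.integ])


@dataclass(frozen=True)
class Var:
    name: str


@dataclass(frozen=True)
class Call:
    op: str
    args: Tuple["Expr", ...]


Expr = Union[Var, Call]


@dataclass(frozen=True)
class OpSig:
    params: Tuple[SecType, ...]
    result: SecType


class SecurityTypeError(Exception):
    """An operation would be called with an argument it must not handle."""


def type_of(expr: Expr, env: Dict[str, SecType], sigs: Dict[str, OpSig]) -> SecType:
    """Compute the security type of `expr`, rejecting any ill-typed call inside it."""
    if isinstance(expr, Var):
        if expr.name not in env:
            raise SecurityTypeError(f"unbound variable {expr.name!r}")
        return env[expr.name]
    sig = sigs.get(expr.op)
    if sig is None:
        raise SecurityTypeError(f"unknown operation {expr.op!r}")
    if len(sig.params) != len(expr.args):
        raise SecurityTypeError(f"{expr.op}: expected {len(sig.params)} args, got {len(expr.args)}")
    for pos, (formal, arg) in enumerate(zip(sig.params, expr.args)):
        actual = type_of(arg, env, sigs)  # arguments are checked bottom-up
        if not may_handle(formal, actual):
            raise SecurityTypeError(
                f"{expr.op}: argument {pos} has type {actual}, parameter accepts {formal}")
    return sig.result


def accepted(expr: Expr, env: Dict[str, SecType], sigs: Dict[str, OpSig]) -> bool:
    """Does `expr` type-check under `env` and `sigs`?"""
    try:
        type_of(expr, env, sigs)
        return True
    except SecurityTypeError:
        return False


# Constructed example system (hypothetical names, not the paper's case study).
ENV = {
    "msg_secret": SecType("Secret", "High"),        # produced by trusted software
    "msg_public": SecType("Unclassified", "High"),
    "net_input":  SecType("Unclassified", "Low"),   # arrived from an untrusted network
}
SIGS = {
    # Only unclassified data may leave on the public network.
    "send_to_public_net": OpSig((SecType("Unclassified", "Low"),), SecType("Unclassified", "Low")),
    # The audit log may only be written with High-integrity data.
    "update_audit_log": OpSig((SecType("Unclassified", "High"),), SecType("Unclassified", "High")),
    # A trusted operation: its declared result type is where the trust sits.
    "encrypt": OpSig((SecType("Secret", "Low"),), SecType("Unclassified", "Low")),
}
EXAMPLES = {
    "public message to network":   Call("send_to_public_net", (Var("msg_public"),)),
    "secret message to network":   Call("send_to_public_net", (Var("msg_secret"),)),
    "encrypted secret to network": Call("send_to_public_net", (Call("encrypt", (Var("msg_secret"),)),)),
    "network input to audit log":  Call("update_audit_log", (Var("net_input"),)),
    "public message to audit log": Call("update_audit_log", (Var("msg_public"),)),
}


def check_examples() -> Dict[str, bool]:
    """Run the checker over every constructed example; True means accepted."""
    return {name: accepted(expr, ENV, SIGS) for name, expr in EXAMPLES.items()}


if __name__ == "__main__":
    for name, ok in check_examples().items():
        print(f"{'accepted' if ok else 'REJECTED'}: {name}")
```

The check is purely syntactic and local to each call site, which is what keeps the technique cheap: no reasoning about program behaviour is needed beyond the declared signatures. The price is that the assurance rests entirely on the declared result types of trusted operations such as `encrypt` here, so those declarations are exactly the part that still has to be justified by other means.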