Specifying security in a composite system
This paper proposes a formal definition of "security" in a composite system. By composite system, we mean a system composed of an automated part and a human part. This split of systems into two parts characterizes the computing environment, where human presence is unavoidable. Our results are a generalization of . The scope of  was limited to three access modes: read, write, and execute. In this paper, we extend this scope by addressing all possible operations. We also provide a syntactic way, based on the proposed formal definition of security, of describing threats during the requirements analysis process. To handle the security problem when designing a system, it is important to integrate threats into the requirements document. Up to now, there were only "methods" to derive threats (arbitrary or threat-tree methods), not ways to express them unambiguously.
Keywords: security, security specification, composite system, threats, secure system
- 1. Amoroso, E.: Fundamentals of Computer Security Technology. Prentice Hall, New Jersey (1994)
- 2. Bell, D., LaPadula, L.: Secure Computer System: Unified Exposition and Multics Interpretation. MTR-2997, MITRE Corp. (1976)
- 3. Dardenne, A., et al.: Goal-directed Requirements Acquisition. Science of Computer Programming, vol. 20 (1993), 3–50
- 4. Kabasele-Tenday, J.M.: Threats in Teleteaching. To be presented at 7th WCCEE, Torino, Italy (1998)
- 5. Jacobson, I., et al.: Object-Oriented Software Engineering: A Use Case Driven Approach. Addison-Wesley (1992)
- 6. McLean, J.: The Algebra of Security. IEEE Symposium on Security and Privacy, Oakland, CA (1988)
- 7. Rumbaugh, J., et al.: Object-Oriented Modeling and Design. Prentice-Hall, New Jersey (1991)