Specifying security in a composite system

  • J.-M. Kabasele-Tenday
Security Management
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1396)


This paper proposes a formal definition of “security” in a composite system. By composite system, we mean a system composed of an automated part and a human part. This split of systems into two parts characterizes the computer environment, where human presence is unavoidable. Our results are a generalization of [6]. The scope of [6] was limited to three access modes: read, write, and execute. In this paper, we extend this scope by addressing all possible operations. We also provide a syntactic way, based on the proposed formal definition of security, of describing threats during the requirements analysis process. To handle the security problem when designing a system, it is important to integrate threats into the requirements document. Up to now, there were only “methods” to derive threats [arbitrary or threat trees method], not to express them unambiguously.


Keywords: security, security specification, composite system, threats, secure system



  1. Amoroso, E.: Fundamentals of Computer Security Technology. Prentice Hall, New Jersey (1994)
  2. Bell, D., LaPadula, L.: Secure Computer System: Unified Exposition and Multics Interpretation. MTR2997, MITRE Corp. (1976)
  3. Dardenne, A., et al.: Goal-directed Requirements Acquisition. Science of Comp. Progr., vol. 20 (1993), 3–50
  4. Kabasele-Tenday, J.M.: Threats in Teleteaching. To be presented at 7th WCCEE, Torino, Italy (1998)
  5. Jacobson, I., et al.: Object-Oriented Software Engineering, A Use Case Driven Approach. Addison-Wesley (1992)
  6. McLean, J.: The Algebra of Security. IEEE Symposium on Security and Privacy, Oakland, CA (1988)
  7. Rumbaugh, J., et al.: Object-Oriented Modeling and Design. Prentice-Hall, New Jersey (1991)

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • J.-M. Kabasele-Tenday, Unité Informatique, Université catholique de Louvain, Louvain-la-Neuve, Belgium
