A Security Domain Model for Implementing Trusted Subject Behaviors
NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
Pagination or Media Count:
Within a multilevel secure MLS system, trusted subjects are granted privileges to perform operations that are not possible by ordinary subjects controlled by mandatory access control MAC policy enforcement mechanisms. These subjects are trusted not to conduct malicious activity or degrade system security. The authors present a formal definition for trusted subject behaviors that depends upon a representation of information flow and control dependencies generated during a program execution. They describe a security Domain Model DM designed in the Alloy specification language for conducting static analysis of programs to identify illicit information flows and access control flaws and covert channel vulnerabilities. The DM is compiled from a representation of a target program, written in an intermediate Implementation Modeling Language IML, and a specification of the security policy written in Alloy. The Alloy Analyzer tool is used to perform static analysis of the DM to detect potential security policy violations in the target program. In particular, since the operating system upon which the trusted subject runs has limited ability to control its actions, static analysis of trusted subject operations can contribute to the security of the system.
- Computer Programming and Software
- Computer Systems Management and Standards