Accession Number:

ADA556368

Title:

Formal Models of Composable Security Architectures

Descriptive Note:

Final technical rept. Oct 2008-Sep 2011

Corporate Author:

AIR FORCE RESEARCH LAB ROME NY INFORMATION DIRECTORATE

Personal Author(s):

Report Date:

2012-02-01

Pagination or Media Count:

20

Abstract:

Much of the research and practice in security is concerned with particular enforcement mechanisms and with implementation- or code-level vulnerabilities. This research takes an information-flow approach, which is implementation-independent, and applies it to the specification and analysis of security properties of component-based architectures. The goal was to develop rigorous but lightweight formal support for the development of secure systems. The developed formal models and inference systems are rigorous because their underlying foundation is Mantel's compositional framework for information-flow security, and because they are specified in Maude, which is based on rewriting logic, a general yet simple logic of concurrent change. They are lightweight because they are object-based and automatically generate proofs induced by pattern-based queries. They can be used to explore the design space of systems prior to implementation.
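
The abstract does not reproduce the report's Maude models. As an added illustration, not code from the report, the following Python sketch shows the kind of implementation-independent, trace-based check the abstract describes: components are modelled as event-driven state machines whose events carry a High or Low domain label, each component is checked for a Goguen-Meseguer-style noninterference property (a simpler property than the basic security predicates of Mantel's framework), and a pipeline composition operator shows that whether the composed architecture is secure depends on how the same components are wired. The component names (`filt`, `counter`), the event alphabet and the length bound are constructed for this example.

```python
from itertools import product
from typing import Any, Callable, List, Tuple

# Security domains for events. Only Low events are visible to the observer;
# the property asks that High inputs never influence what Low observes.
HIGH, LOW = "H", "L"
Event = Tuple[str, str]           # (domain label, event name)
Step = Callable[[Any, Event], Tuple[Any, List[Event]]]


class Component:
    """A deterministic component: a state machine that consumes labelled input
    events and emits labelled output events. `step(state, event)` returns the
    new state and the list of outputs produced by that input."""

    def __init__(self, name: str, init: Any, step: Step):
        self.name, self.init, self.step = name, init, step

    def run(self, inputs) -> List[Event]:
        state, outputs = self.init, []
        for ev in inputs:
            state, out = self.step(state, ev)
            outputs.extend(out)
        return outputs


def purge(trace, domain):
    """Remove every event belonging to `domain` (the classic purge function)."""
    return [e for e in trace if e[0] != domain]


def low_view(trace):
    """What a Low observer sees of a trace."""
    return [e for e in trace if e[0] == LOW]


def noninterfering(component, alphabet, max_len):
    """Bounded noninterference check in the Goguen-Meseguer style: for every
    input sequence up to `max_len`, the Low-visible output must equal the
    Low-visible output for the same sequence with all High inputs purged.
    Returns (True, None) or (False, offending_input_sequence)."""
    for n in range(max_len + 1):
        for inputs in product(alphabet, repeat=n):
            with_high = low_view(component.run(inputs))
            without_high = low_view(component.run(purge(inputs, HIGH)))
            if with_high != without_high:
                return False, list(inputs)
    return True, None


def pipeline(a, b):
    """Compose two components: every output of `a` is fed, in order, as an input
    to `b`; only `b`'s outputs are observable. State is the pair of substates."""
    def step(state, ev):
        sa, sb = state
        sa, mids = a.step(sa, ev)
        outs = []
        for m in mids:
            sb, out = b.step(sb, m)
            outs.extend(out)
        return (sa, sb), outs
    return Component(f"{a.name}>>{b.name}", (a.init, b.init), step)


# --- constructed example components (hypothetical, for illustration only) ---

def _filter_step(state, ev):
    # Forward Low events unchanged, silently drop High ones.
    return state, ([ev] if ev[0] == LOW else [])

def _counter_step(count, ev):
    # Emit a Low event carrying the number of inputs seen so far, whatever their
    # domain: a High input changes a Low-visible value, so this component leaks.
    count += 1
    return count, [(LOW, f"count={count}")]

filt = Component("filter", None, _filter_step)
counter = Component("counter", 0, _counter_step)

# Constructed input alphabet: one High event and one Low event.
ALPHABET = [(HIGH, "secret"), (LOW, "req")]


if __name__ == "__main__":
    for c in (filt, counter, pipeline(filt, counter), pipeline(counter, filt)):
        ok, cex = noninterfering(c, ALPHABET, 3)
        print(f"{c.name:18} {'secure' if ok else 'LEAKS on ' + str(cex)}")
```

Running the module prints one line per configuration: `filter` and `filter>>counter` are secure, while `counter` and `counter>>filter` leak on the single High input, because in the second wiring the count is emitted on a Low channel before the filter can drop the High event. The check is exhaustive only up to the length bound, so a passing result is evidence rather than a proof; the report's approach instead derives proofs within Maude's rewriting logic. The harness is also much weaker than Mantel's framework, whose basic security predicates are stated over sets of traces (covering nondeterministic systems) and come with composition theorems; the deterministic formulation used here is the smallest property that still makes the compositional point that the same two components are secure in one architecture and insecure in another.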

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE