Abstract
This paper is focussed on the notion of a Formal Model of Security Policy (FMSP). This kind of model is essential when reasoning about the security of Information Technology devices like a specific IT-product or IT-system. Without an unambiguous definition of what security means, it is impossible to say whether a product is really secure.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Bell, D.E. and L.J. LaPadula, Secure Computer Systems: A Mathematical Model, ESD-TR-73-278, Vol.11, November 1973, The MITRE Corporation, Bedford, MA: HQ Electronic Systems Division, Hanscom AFB, MA.
K. J. Biba, Integrity Considerations for Secure Computer Systems, The Mitre Corporation, Bedford, MA, MTR-3153
Bundesamt für Sicherheit in der Informationstechnik, Formales Sicherheitsmodell zur Erzeugung und Prüfung digitaler Signaturen mit Hilfe von VSE, BSI report, 1998
Common Criteria for Information Technology Security Evaluation (CC), Version 2.0, http://csrc.ncsl.nist.gov/nistpubs/cc/
Ronald A. Gove, The Theory and Construction of Formal Security Policy Models, Tutorial 9th Annual Computer Security Application Conference, Orlando, 1993
Gesetz zur Regelung der Rahmenbedingungen für Informations-und Kommunikationsdienste (Informations-und Kommunikationsdienstegesetz-IuKDG) (in Kraft getr. am 1.8.97) Artikel 3 Gesetz zur digitalen Signatur (Signaturgesetz-SigG)
D. Hutter, B. Langenstein, C. Sengler, J. Siekmann, W. Stephan, A. Wolpers, Verification Support Environment, Proceedings Formal Method Europe-96, M.C. Gaudel and J. Woodcock (Eds.), Springer Verlag, LNCS 1051, 1996, 268–286
Information Technology Security Evaluation Criteria, Office for Official Publications of the European Communities, Luxembourg 1991.
Volker Kessler, Der Sinn von Sicherheitsmodellen, KES 93/6, 1993
Frank Koob, Markus Ullmann, Stefan Wittmann, The Formal VSE Develoment Method-a Way to Engineer High-Assurance Software Systems, Proceedings of the 11th Computer Security Application Conference, pages 196–204, IEEE Computer Society Press, New Orleans, 1995
Lampsons, B.W., Protection. Operationg Systems Review, Januar 1974. 8(1):p. 18–24. Originally published in Proceedings of the Fifth Princeton Conference on Information Sciences and Systems, March 1971
Landwehr, C.E. Formal Models for Computer Security. Communications of the ACM, October 1973. 16(19):p. 613–615
J. Rushby, Noninterference, Transitivity and Channel-Control Security Policies, Technical Report CSL-92-02, SRI International, 1992, available at http://www.csl.sri.com/rusby/reports/csl-92-2.dvi.Z
Angelika Steinacker, Sicherheitsmodell für informationstechnische Systeme-Leitlinien für die Entwicklung, Datenschutz und Datensicherung 1/92, S. 17–21, 1992
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Koob, F., Ullmann, M., Wittmann, S. (1999). The New Topicality of Using Formal Models of Security Policy within the Security Engineering Process. In: Hutter, D., Stephan, W., Traverso, P., Ullmann, M. (eds) Applied Formal Methods — FM-Trends 98. FM-Trends 1998. Lecture Notes in Computer Science, vol 1641. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48257-1_20
Download citation
DOI: https://doi.org/10.1007/3-540-48257-1_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66462-8
Online ISBN: 978-3-540-48257-4
eBook Packages: Springer Book Archive