Access control is a vital security mechanism in today's operating systems, and the security policies dictating the security-relevant behaviors are lengthy and complex, for example in Security-Enhanced Linux (SELinux). It is extremely difficult to verify the consistency between the security policies and the security goals desired by applications. In this paper, we present how to predict whether the information flow security goal is violated or not during runtime, how to generate the corresponding control actions on-line when divergence is detected, and how to apply these actions in time based on a software active monitoring technique. The symbolic security information flow model of SELinux is generated from a formalization of the access control mechanism, which can be used to generate the N-step ahead projection of the future behavior. Information flow security goals are expressed in linear temporal logic (LTL), which provides a clear description of the objectives desired by applications. An anticipatory monitor is generated from the LTL formula automatically. We consider an on-line scheme where, after the occurrence of an event, the next control action is determined on the basis of the N-step ahead projection of the future behavior. This procedure is repeated after the occurrence of the next security-relevant event. Thus, a closed-loop system is generated in which all behavior sequences satisfy the security goals.
A sequential memory component stores data in addressable locations. The component serves an input stream in a regular way iff all read commands retrieve data from locations with a previous assignment. We study the com...
ISBN: (print) 9781604232356
A sequential memory component stores and retrieves data in addressable locations. A fault tolerant implementation suspends read commands to locations without a prior assignment until data becomes available at the requested location. The paper studies the systematic top-down design of a fault tolerant sequential memory component in the setting of stream functions and state transition machines. We formally refine the communication-oriented input/output behaviour into a state-based implementation. The transformation employs a history abstraction function which extracts the component's internal state from the input history. Beyond the particular case study, we explicate generally applicable formal methods for the functional specification and systematic design of interactive components in distributed systems with asynchronous communication.
Modern computer systems are composed of software components which store information and provide services through interfaces. A component-based distributed system evolves by an ongoing interaction [1] between the compo...
An almost synchronous stream consists of a sequence of proper messages and pauses transmitted over a directed channel. The paper presents the transformational design of a communicating component which coordinates two almost synchronous streams. A proper message on one input channel is forwarded to the corresponding output channel as soon as a proper message arrives on the other input channel as well. We refine the stream-based input/output behaviour to a state-based implementation exploiting two major transformations. The first transformation refines the component's infinite behaviour to a finite behaviour. The second transformation implements the component's finite behaviour by a state transition machine. The component's internal state is extracted from the input histories using a history abstraction function. Altogether, we explicate a formal method for refining a specified infinite input/output behaviour of a communicating component by a state transition machine in the setting of almost synchronous streams.
We propose a novel execution model for the implicitly parallel execution of data parallel programs in the presence of general I/O operations. This model is called hybrid because it combines the advantages of the stand...
This paper presents a formal method for transforming the structured signature of an algebraic specification into a collection of object-oriented class signatures. We discuss possible design decisions and formalize the...
A combinational module for scattered pattern matching tests whether the digits of a given pattern occur in the proper order and multiplicity within a given search string. We present a unifying high-level synthesis of ...