Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
SpringerLink
Log in

An Approach to Automated Verification of Multi-Level Security System Models

  • Conference paper
New Results in Dependability and Computer Systems

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 224))

  • 802 Accesses

Abstract

In the paper the approach to the multi-level security (MLS) system models verification is presented. In the work the MlsML profile was developed with possibility of the confidentiality or integrity verification on the base of Bell- LaPadula or Biba models. The Bell-LaPadula and Biba models are formalized together with scenarios that represent possible run-time instances. Properties of the security policy model are expressed as constrains in OCL language. The feasibility of the proposed approach by applying it to a non-trivial example is demonstrated.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Anderson, J.P.: Computer Security Technology Planning Study, vol. II ESD-TR-73-51. Electronic System Division. Air Force System Command. Hansom Field, Bedford, MA, 01730 (1973)

    Google Scholar 

  2. Bell D.E., La Padula, L.J.: Secure Computer System: Unified Exposition and Multics Interpretation, ESD-TR-75-306. ESD/AFSC, Hanscom AFB, Bedford, MA (1976), http://csrc.nist.gov/publications/history/bell76.pdf (accessed June 24, 2012)

  3. Bell, D.E.: Looking Back at the Bell-La Padula Model, Reston VA, 20191 (2005)

    Google Scholar 

  4. Biba, K.J.: Integrity Consideration for Secure Computer System, Report MTR-3153 (1975)

    Google Scholar 

  5. Clark, D., Wilson, D.R.: A Comparison of Commercial and Military Computer Security Policies. In: Proc. IEEE Symposium on Research in Security and Privacy, pp. 184–194 (1987)

    Google Scholar 

  6. Mouratidis, H., Giorgini, P., Manson, G.: When security meets software engineering: a case of modeling secure information systems. Information Systems 30, 609–629 (2005)

    Article  Google Scholar 

  7. ZieliƄski, Z., Stasiak, A., Dąbrowski, W.: A Model Driven Method for Multilevel Security Systems Design. Przegląd Elektrotechniczny (Electrical Review) (2), 120–125 (2012)

    Google Scholar 

  8. Basin, D., Clavel, M., Doser, J., Loddersted, T.: Model Driven Security: From UML Models to Access Control Infrastructures 15(1), 39–91 (2006)

    Google Scholar 

  9. Basin, D., Clavel, M., Doser, J., Egea, M.: Automated analysis of security-design models. Information and Software Technology 51, 815–831 (2009)

    Article  Google Scholar 

  10. Ahn, G.J., Shin, M.E.: Role-based authorization constraints specification using object constraint language. In: WETICE 2001: Proceedings of the 10th IEEE International Workshops on Enabling Technologies. IEEE Computer Society, Washington, DC (2001)

    Google Scholar 

  11. Sohr, K., Ahn, G.J., Gogolla, M., Migge, L.: Specification and validation of authorisation constraints using UML and OCL. In: De Capitani di Vimercati, S., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 64–79. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  12. JĂŒrjens, J.: UMLsec: Extending UML for secure systems development. In: JĂ©zĂ©quel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  13. Frankel, D.S.: Model Driven Architecture: Applying MDA to Enterprise Computing. John Wiley & Sons (2003)

    Google Scholar 

  14. ZieliƄski, Z., Furtak, J., Chudzikiewicz, J., Stasiak, A., Brudka, M.: Secured Workstation to Process the Data of Different Classification Levels. Journal of Telecommunications and Information Technology (3), 5–12 (2012)

    Google Scholar 

  15. Kelly, S., Tolvanen, J.P.: Domain-Specific Modeling: Enabling Full Code Generation. Wiley, NJ (2008)

    Book  Google Scholar 

  16. Mohlin, M.: Model Simulation in Rational Software Architect: Simulating UML Models. IBM (2010)

    Google Scholar 

  17. Anders, E.: Model Simulation in Rational Software Architect: Activity Simulation. IBM (2010)

    Google Scholar 

  18. Kozakiewicz, A., Felkner, A., Furtak, J., ZieliƄski, Z., Brudka, M., MaƂowidzki, M.: Secure Workstation for Special Applications. In: Lee, C., Seigneur, J.-M., Park, J.J., Wagner, R.R. (eds.) STA 2011 Workshops. CCIS, vol. 187, pp. 174–181. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Military University of Technology, Warsaw, Poland

    Andrzej Stasiak & Zbigniew ZieliƄski

Authors
  1. Andrzej Stasiak
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zbigniew ZieliƄski
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Andrzej Stasiak .

Editor information

Editors and Affiliations

  1. , Institute of Computer Engineering, WrocƂaw University of Technology, ul. Janiszewskiego 11/17, WrocƂaw, 50-372, Poland

    Wojciech Zamojski

  2. , Institute of Computer Engineering, WrocƂaw University of Technology, ul. Janiszewskiego 11/17, WrocƂaw, 50-372, Poland

    Jacek Mazurkiewicz

  3. , Institute of Computer Engineering, WrocƂaw University of Technology, ul. Janiszewskiego 11/17, WrocƂaw, 50-372, Poland

    JarosƂaw Sugier

  4. , Institute of Computer Engineering, WrocƂaw University of Technology, ul. Janiszewskiego 11/17, WrocƂaw, 50-372, Poland

    Tomasz Walkowiak

  5. , Systems Research Institute, Polish Academy of Sciences, ul. Newelska 6, Warszawa, 01-447, Poland

    Janusz Kacprzyk

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Stasiak, A., ZieliƄski, Z. (2013). An Approach to Automated Verification of Multi-Level Security System Models. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) New Results in Dependability and Computer Systems. Advances in Intelligent Systems and Computing, vol 224. Springer, Heidelberg. https://doi.org/10.1007/978-3-319-00945-2_34

Download citation

Publish with us

Policies and ethics

Search

Navigation