ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A model for verification of data security in operating systems
Full text PdfPdf (1.49 MB)
Source
Communications of the ACM archive
Volume 21 ,  Issue 9  (September 1978) table of contents
Pages: 737 - 749  
Year of Publication: 1978
ISSN:0001-0782
Authors
Gerald J. Popek  Univ. of California, Los Angeles
David A. Farber  Univ. of California, Los Angeles
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 11,   Downloads (12 Months): 75,   Citation Count: 17
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/359588.359597
What is a DOI?

ABSTRACT

Program verification applied to kernel architectures forms a promising method for providing uncircumventably secure, shared computer systems. A precise definition of data security is developed here in terms of a general model for operating systems. This model is suitable as a basis for verifying many of those properties of an operating system which are necessary to assure reliable enforcement of security. The application of this approach to the UCLA secure operating system is also discussed.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Abraham, S. "Access authorization and control mechanisms for operating systems. Masters Th., Comptr. Sci. Dept., U. of California, Los Angeles, 1976.
 
2
Bell, D., and Lapadula, L. Secure computer system: Unified exposition and multics interpretation. Tech. Rep. 2997, Mitre, Bedford, Mass., July 1975.
 
3
Birman, A. "On Proving Correctness of Micrograms. IBM J. Res. and Develop. 18, 3 (May 1974), 250-266.
 
4
Bisbey, R., Popek, G., and Carlstedt, J. Inconsistency of a single data value over time. USC/ISI Res. Rep., U. of Southern California, Los Angeles, Feb. 1975.
 
5
Carlstedt, J., Bisbey, R., and Popek, G. Pattern directed protection evaluation. USC/ISI Res. Rep. 75-31, U. of Southern California, Los Angeles, Jan. 1975.
 
6
Laurian Mircea Chirica, Contributions to compiler correctness., 1976
 
7
Richard H. Eckhouse, Jr. , L. Robert Morrison, Minicomputer Systems: Organization, Programming and Applications (PDP-11), Prentice Hall Professional Technical Reference, 1979
8
Bernard Elspas , Karl N. Levitt , Richard J. Waldinger , Abraham Waksman, An Assessment of Techniques for Proving Program Correctness, ACM Computing Surveys (CSUR), v.4 n.2, p.97-147, June 1972  [doi>10.1145/356599.356602]
 
9
Fiorani, P. The UCLA virtual machine monitor. Master's Th., Comptr. Sci. Dept., U. of California, Los Angeles, 1975.
 
10
Floyd, R. Assigning meanings to programs. Proceedings of Symposia in Applied Mathematics, VoL 19, Amer. Math. Soc., Providence, R.l., pp. 19-31.
 
11
Good, D. Private communication, O. of Texas, 1975.
12
C. A. R. Hoare, An axiomatic basis for computer programming, Communications of the ACM, v.12 n.10, p.576-580, Oct. 1969  [doi>10.1145/363235.363259]
 
13
Hoare, C.A.R. Proof of correctness of data representations. Acta lnformatica 1 (1972), 271-281.
 
14
Hoare, C.A.R. An axiomatic definition of the programming language PASCAL. Acta lnformatica 2 (1973), 335-355.
 
15
Kampe, M., Kline, C., Popek, G., and Walton, E. The UCLA data secure operating system. Tecb. Rep., U. of California, Los Angeles, July 1977.
 
16
Kemmerer, R. Verification of large programs: Mapping issues. Ph.D. Th., Comptr. Sci. Dept., U. of California, Los Angeles, 1978 (forthcoming).
 
17
Kline, C., and Popek, G. Encryption in computer network security. Tech. Rep., U. of California, Los Angeles, April 1977. Submitted for publication.
 
18
Lampson, B.W. Protection. Proc. Fifth Annual Princeton Conf. Inform. Sci. and Syst., Princeton U., Princeton, N.J., March 1971, pp. 437-443; also Operating Syst. Rev. (ACM) 8, 1 (Jan. 1974), 18-24.
19
Donald I. Good , Ralph L. London , W. W. Bledsoe, An interactive program verification system, Proceedings of the international conference on Reliable software, p.482-492, April 21-23, 1975, Los Angeles, California
 
20
Manna, Z. The correctness of programs. J. Comptr. Syst. Sci. 3, (1969), 119-127.
21
Jonathan K. Millen, Security Kernel validation in practice, Communications of the ACM, v.19 n.5, p.243-250, May 1976  [doi>10.1145/360051.360059]
 
22
Robin Milner, An algebraic definition of simulation between programs, Stanford University, Stanford, CA, 1971
 
23
Neumann, P., et al. On the design of a probably secure operating system. Proc. Workshop on Protection in Operating Systems. IRIA. Rocquencourt, France, (Aug. 1974), pp. 161-175.
 
24
Popek, G., and Kline, C. Verifiable secure operating systems software. Proc. AFIPS 1974 NCC, AFIPS Press, Montvale, N.J., pp. 135-142.
25
Gerald J. Popek , Charles S. Kline, A verifiable protection system, Proceedings of the international conference on Reliable software, p.294-304, April 21-23, 1975, Los Angeles, California
 
26
Gerald J. Popek , Charles S. Kline, Issues in Kernel Design, Operating Systems, An Advanced Course, p.209-227, January 1978
 
27
Walker, B. Verification of the UCLA security kernel: datadefined specifications. Master's Th., Comptr. Sci. Dept., University of California, Los Angeles, Oct. 1977.
 
28
Walton, E. The UCLA kernel. Master's Th., Comptr. Sci. Dept., U. of California, Los Angeles, 1975.
29
Peter Wegner, The Vienna Definition Language, ACM Computing Surveys (CSUR), v.4 n.1, p.5-63, March 1972  [doi>10.1145/356596.356598]
 
30
Wirth, N. The programming language Pascal. Acta Informatica 1 (1971), 35-63.
 
31
Wirth, N., and Jensen, K. The programming language Pascal (revised report). In Pascal User Manual and Report, Springer-Verlag, 1974, pp 133-170.
 
32
{DEC 73} PDP-I 1/45 Processor Handbook. Digital Equipment Corp., Maynard, Mass., 1973.

CITED BY  17
Gregory R. Andrews , Richard P. Reitman, An Axiomatic Approach to Information Flow in Programs, ACM Transactions on Programming Languages and Systems (TOPLAS), v.2 n.1, p.56-76, Jan. 1980
Trong Wu, Space saving key-lock access control system (abstract only), Proceedings of the 15th annual conference on Computer Science, p.374, February 1987, St. Louis, Missouri, United States
Robert P. Trueblood , H. Rex Hartson , Johannes J. Martin, MULTISAFE—a modular multiprocessing approach to secure database management, ACM Transactions on Database Systems (TODS), v.8 n.3, p.382-409, Sept. 1983
Carl E. Landwehr , Constance L. Heitmeyer , John McLean, A security model for military message systems, ACM Transactions on Computer Systems (TOCS), v.2 n.3, p.198-222, Aug. 1984
Anita K. Jones , Barbara H. Liskov, A language extension for expressing constraints on data access, Communications of the ACM, v.21 n.5, p.358-367, May 1978
Dorothy E. Denning , Peter J. Denning, Data Security, ACM Computing Surveys (CSUR), v.11 n.3, p.227-249, Sept. 1979
J. M. Rushby, Design and verification of secure systems, ACM SIGOPS Operating Systems Review, v.15 n.5, p.12-21, December 1981
Jonathan M. Silverman, Reflections on the verification of the security of an operating system kernel, ACM SIGOPS Operating Systems Review, v.17 n.5, p.143-154, October 1983
Gregory R. Andrews, Parallel programs: proofs, principles, and practice, Communications of the ACM, v.24 n.3, p.140-145, March 1981
Carl E. Landwehr, Formal Models for Computer Security, ACM Computing Surveys (CSUR), v.13 n.3, p.247-278, Sept. 1981
W. R. Bevier, Kit: A Study in Operating System Verification, IEEE Transactions on Software Engineering, v.15 n.11, p.1382-1396, November 1989
Carl E. Landwehr, Some lessons from formalizing a security model, ACM SIGSOFT Software Engineering Notes, v.10 n.4, August 1985
Richard P. Reitman , Gregory R. Andrews, Certifying information flow properties of programs: an axiomatic approach, Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages, p.283-290, January 29-31, 1979, San Antonio, Texas
Wen-Pai Lu , Malur K. Sundareshan, A Model for Multilevel Security in Computer Networks, IEEE Transactions on Software Engineering, v.16 n.6, p.647-659, June 1990
Bruce J. Walker , Richard A. Kemmerer , Gerald J. Popek, Specification and verification of the UCLA Unix security kernel, Communications of the ACM, v.23 n.2, p.118-131, Feb. 1980
Charles R. Young, A security policy for a profile-oriented operating system, Proceedings of the May 4-7, 1981, national computer conference, May 04-07, 1981, Chicago, Illinois
Stephen T. Walker, The advent of trusted computer operating systems, Proceedings of the May 19-22, 1980, national computer conference, May 19-22, 1980, Anaheim, California

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS


General Terms:
Design, Performance, Security, Theory, Verification


Keywords:
operating systems, program verification, protection, security

Collaborative Colleagues:
Gerald J. Popek: colleagues
David A. Farber: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player