Policy-based architectural refinement techniques for the design of multi-level secure systems


Zhou, Jie. (2008). Policy-based architectural refinement techniques for the design of multi-level secure systems. Theses and Dissertations Collection, University of Idaho Library Digital Collections.

Zhou, Jie.
Computer security--Design
Computer Science
The development of applications with security features has focused on either security as an afterthought, or security as a decentralized requirement of a large part of the application. Successful development of high-assurance multi-level secure (MLS) systems must begin at the start of the design. However, conventional MLS system design requires that all security-enforcing parts of the system enforce the full MLS security policy. This requires a tremendous amount of time and effort to verify that the policy is correctly enforced, and usually requires analysis of the system as a whole.

This dissertation applies the well-known concept of divide-and-conquer to the verification of MLS systems. The work presented here addresses the enforcement of security policies at system design time by providing policy-based architectural refinement techniques for the design of MLS systems. The resulting design partitions the system security policy into sub-policies enforced by subcomponents of the system, with some subcomponents enforcing no security policies at all. A secure process is presented to refine the policy into sub-policies that, taken together, still satisfy the system-wide policy. The verification effort can then focus on small, well-defined subcomponents enforcing limited sub-policies, greatly reducing the time and cost of verification.

To securely refine the policy into sub-policies, a set of policy-based architectural refinement patterns for decomposing, aggregating, and eliminating components, connectors, and ports in the system architecture is provided. The security policies that must be satisfied throughout the refinement process are discussed. A policy refinement language (PRL) is proposed to specify the rules of the refinement patterns, and the hierarchy of the patterns is presented.

A three-level algebraic framework for rule predicates, policy rules, and policies is developed for the formal analysis of policies and their composition and refinement. These algebras provide a formalism for detecting conflicts among rules and for computing the union, intersection, and concatenation of rules and policies. The properties of these algebras and the application of this framework to the formal analysis of security policies and their composition and refinement are presented. The algebraic framework is also used to verify the correctness of the refinement rules of each pattern.

To validate the approach, the designs of a Multiple Independent Levels of Security/Safety (MILS) system and a web service application system are presented. For each design example, the proposed refinement patterns are applied at each step of the architectural refinement, and for each step it is verified that the corresponding refinement rule is satisfied.

The work presented in this dissertation leads to a practical security engineering technique that will benefit system architects by providing design guidance and reducing overall design verification effort in developing MLS systems.
Thesis (Ph. D., Computer Science)--University of Idaho, December 7, 2008.
Major Professor:
Jim Alves-Foss.
Defense Date:
December 7, 2008.
Format Original:
xiii, 111 leaves : col. ill. ; 29 cm.


In Copyright - Educational Use Permitted. For more information, please contact University of Idaho Library Special Collections and Archives Department at