Alan B. Shaffer

Covert channels can result in unauthorized information flows when exploited by malicious software. To address this problem, we present a precise, formal definition for covert channels, which relies on control flow dependency tracing through program execution, and extends Denning's and subsequent classic work in secure information flow [9][40][30]. A formal …
Evaluation of high assurance secure computer systems requires that they be designed, developed, verified and tested using rigorous processes and formal methods. The evaluation process must include correspondence between security policy objectives, security specifications, and program implementation. This research presents an approach to the verification of …
Conventional anti-islanding techniques used in grid-tied photovoltaic (PV) systems pose many disadvantages at high levels of PV deployment. One such issue is the inability of these systems to ride-through grid disturbances. In this paper, the use of a Power Line Carrier Communications (PLCC) Permissive anti-islanding scheme is investigated as a means of …
Unauthorized information flows can result from malicious software exploiting covert channels and overt flaws in access control design. To address this problem, we present a precise, formal definition for information flow that relies on control flow dependency tracing through program execution, and extends Denning's and follow-on classic work in secure …
As PV deployment levels increase, loss of mains detection, or islanding detection, has again arisen as a primary concern among the utility community. This is true especially in multi-inverter cases, cases with a mix of distributed resources, and on difficult feeders on which false tripping may be a disproportionately significant problem. Power line carrier …
Within a multilevel secure (MLS) system, trusted subjects are granted privileges to perform operations that are not possible by ordinary subjects controlled by mandatory access control (MAC) policy enforcement mechanisms. These subjects are trusted not to conduct malicious activity or degrade system security. We present a formal definition for trusted …
Approved for public release; distribution is unlimited. Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instruction, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments …