Glenn H. MacEwen

A formal framework called Security Logic (SL) is developed for specifying and reasoning about security policies and for verifying that system designs adhere to such policies. Included in this modal logic framework are definitions of knowledge, permission, and obligation. Permission is used …
We have received a letter from Jacques Lenfant (Université de Rennes and Laboria, France) which brings to our attention the following errors and criticisms regarding the analysis in this paper. 1. Page 610, lines 26 through 28, should read as follows: Therefore the service period is a random variable, t = b ~ c + x, whose distribution Ft(t) is derived by …
A monitoring approach to the problem of constructing fault-tolerant and adaptive real-time systems, based on the fail-signal processor, is described. Low error detection latency time is a primary goal. A fail-signal processor comprises an application processor along with a simple monitoring processor that detects abnormal functional or timing behaviour in …
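To make the fail-signal idea concrete, here is an added illustration (not code from the paper, and not its actual design): an application processor writes periodic heartbeats into a register, and a separate monitoring processor polls that register, asserting a fail signal when a heartbeat misses its deadline (timing fault) or arrives with a broken sequence number (functional fault). The period, tolerance, poll interval and heartbeat traces are constructed values chosen to show how the poll interval bounds detection latency.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Heartbeat:
    t_ms: float   # time the application processor wrote it (constructed sample data below)
    seq: int      # sequence number; lets the monitor catch functional misbehaviour


class FailSignalMonitor:
    """Toy monitoring processor (assumed design, not the paper's). It polls the
    application's heartbeat register every poll_ms and asserts a fail signal on
    a missed deadline or a broken sequence."""

    def __init__(self, period_ms: float, tolerance_ms: float, poll_ms: float) -> None:
        self.deadline_ms = period_ms + tolerance_ms   # longest silence before a fault is declared
        self.poll_ms = poll_ms
        self.last: Optional[Heartbeat] = None
        self.fail_at_ms: Optional[float] = None
        self.detectable_at_ms: Optional[float] = None
        self.reason: Optional[str] = None

    def failed(self) -> bool:
        return self.fail_at_ms is not None

    def poll(self, now_ms: float, arrived: List[Heartbeat]) -> None:
        """One monitor tick: consume heartbeats written since the last tick, then check timing."""
        if self.failed():
            return
        for hb in arrived:
            if self.last is not None and hb.seq != self.last.seq + 1:
                # functional fault: became detectable when the bad heartbeat was written
                self._fail(now_ms, hb.t_ms, f"sequence jump {self.last.seq}->{hb.seq}")
                return
            self.last = hb
        if self.last is not None and now_ms - self.last.t_ms > self.deadline_ms:
            # timing fault: became detectable the instant the deadline expired
            self._fail(now_ms, self.last.t_ms + self.deadline_ms, "deadline missed")

    def _fail(self, now_ms: float, detectable_at_ms: float, reason: str) -> None:
        self.fail_at_ms, self.detectable_at_ms, self.reason = now_ms, detectable_at_ms, reason


def replay(heartbeats: List[Heartbeat], period_ms: float, tolerance_ms: float,
           poll_ms: float, horizon_ms: float) -> Tuple[Optional[float], Optional[str], Optional[float]]:
    """Drive the monitor over a heartbeat trace. Returns (fail_time, reason, detection_latency);
    all three are None if no fault was raised before horizon_ms."""
    mon = FailSignalMonitor(period_ms, tolerance_ms, poll_ms)
    trace = sorted(heartbeats, key=lambda h: h.t_ms)
    i, k = 0, 0
    while True:
        now = k * poll_ms          # multiply rather than accumulate to keep the tick times exact
        if now > horizon_ms or mon.failed():
            break
        arrived = []
        while i < len(trace) and trace[i].t_ms <= now:
            arrived.append(trace[i])
            i += 1
        mon.poll(now, arrived)
        k += 1
    if not mon.failed():
        return None, None, None
    return mon.fail_at_ms, mon.reason, mon.fail_at_ms - mon.detectable_at_ms


# Constructed traces: a 10 ms heartbeat that stops after seq 5 (application hangs),
# one that skips a sequence number, and one that stays healthy for the whole run.
HANG = [Heartbeat(10.0 * s, s) for s in range(6)]
SKIP = [Heartbeat(0.0, 0), Heartbeat(10.0, 1), Heartbeat(20.0, 2), Heartbeat(30.0, 4)]
HEALTHY = [Heartbeat(10.0 * s, s) for s in range(30)]

if __name__ == "__main__":
    print(replay(HANG, 10.0, 2.0, 1.0, 200.0))     # fail at 63 ms, 1 ms after the deadline expired
    print(replay(HANG, 10.0, 2.0, 5.0, 200.0))     # same fault, but a 5 ms poll gives 3 ms latency
    print(replay(SKIP, 10.0, 2.0, 1.0, 200.0))     # functional fault caught at the 30 ms poll
    print(replay(HEALTHY, 10.0, 2.0, 1.0, 200.0))  # no fail signal
```

The two runs over the hanging trace show the point the abstract makes about latency: the fault is the same, but how quickly the fail signal is asserted is bounded by how often the monitoring processor looks, which is why a simple, fast monitor sitting beside the application processor is attractive.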
This paper introduces a formalism, called Viewcharts, for specification and composition of software behavioral views. The objective is software behavioral requirements specification independent of implementation. The paper claims that behavioral requirements of large-scale and complex systems can be described formally as compositions of simple behavioral …
This paper presents a review and discussion of post-factum software systems integration. The problem is defined; the approaches and associated issues are discussed. Integration of redundant software components, developed using diverse software engineering methodologies, into a fault tolerant system is reviewed. Finally, a novel approach to fault tolerant …
This paper describes current work on the design and specification of a multilevel secure distributed system called SNet. It discusses security models in general, the various problems of information flows in SNet, and the abstract and concrete security model components for SNet. It also introduces Lucid as a language for specifying distributed systems. The …