Initial Structured Specifications for an Uncompromisable Computer Security System

Authors: Kenneth G. Walter, William F. Ogden, J. M. Gilligan, D. D. Schaeffer, Samuel I. Schaen
Abstract: This report comprises a high level design for a Security Kernel of an operating system which is currently being investigated by the Air Force. This operating system will provide a sophisticated time-sharing mode of operation with a large shared-file environment to a user community comprised of individuals of various clearances. The specifications of the Security Kernel are developed through a series of successively more complex models which are used to specify the system in…
9 Citations

Proving multilevel security of a system design

Two nearly equivalent models of multilevel security are presented, their utility and their relationship to existing models are discussed, and the proof of the security of one particular system design is illustrated.

Survey of recent operating systems research, designs and implementations

  • C. Mohan
  • Computer Science, Business
  • 1978
This paper surveys the recent theoretical and experimental advancements in the operating systems area and makes extensive use of the results in the areas of graph theory, automata theory, operations research, computer architecture and software engineering.

The Lattice Security Model In A Public Computing Network

  • P. Karger
  • Computer Science
    ACM Annual Conference
  • 1978
The lattice security model is defined and shown to be useful in private sector applications of decentralized computer networks. The management of large security lattices is examined, and solutions to the proliferation of categories problem are proposed.

The Birth and Death of the Orange Book

  • S. Lipner
  • Computer Science
    IEEE Annals of the History of Computing
  • 2015
This article traces the origins of US government-sponsored computer security research and the path that led from a focus on government-funded research and system development to a focus on the

Cybersecurity: from Engineering to Science

  • Computer Science
This article considers the progress of engineering and science in the domain of cybersecurity, and the view of programs as mathematical objects that could and should be proven correct.

Cybersecurity: from Engineering to Science

  • Computer Science
The progress of engineering and science in the domain of cybersecurity is considered, with a yearning for a sound basis that one might use to secure computer and communication systems against a wide range of threats.

Cybersecurity: From Engineering to Science Extended

Drawing on historical examples from architecture and navigation, the progress of engineering and science in the domain of cybersecurity is considered.

Computer Security Bibliography

A categorized bibliography of published reports and papers on computer security is presented, highlighting the importance of knowing the sources of information on which to draw conclusions.

Stepwise Specification and Implementation of Abstract Data Types

The algebraic approach to specification and implementation of abstract data type in the sense of Goguen, Thatcher and Wagner is extended to study problems of stepwise specification and



The multics system: an examination of its structure

The author builds a picture of the life of a process in coexistence with other processes, and suggests ways to model or construct subsystems that are far more complex than could be implemented using predecessor computer facilities.

Primitive Models for Computer Security

This model is used to develop a model of security for computer systems which have directory structured file systems and is presented as a mathematical model which specifies the security constraints applicable to computer systems which simultaneously handle data of different sensitivity levels.

Computer Security Technology Planning Study

This document is intended to assist in the management of government procurement operations and will not be used for other purposes other than a definitely related government procurement operation.

Preliminary Notes on the Design of Secure Military Computer Systems.

Abstract: This document is a collection of working papers produced by the members of the Computer Security Branch, Directorate of Information Systems Technology, Deputy for Command and Management

A note on the confinement problem

A set of examples attempts to stake out the boundaries of the problem by defining a program during its execution so that it cannot transmit information to any other program except its caller.

A hardware architecture for implementing protection rings

A call by a user procedure to a protected subsystem (including the supervisor) is identical to a call to a companion user procedure, and the mechanisms of passing and referencing arguments are the same in both cases as well.

Modeling the Security Interface, C.W.R.U

  • Jennings Computing Center Report No. 1158
  • 1974

File Attributes and Their Relationship to Computer Security

  • ESD-TR-74-191, M.S. Thesis
  • 1974

A Preliminary Specification of a Multics Security Kernel

  • The MITRE Corporation
  • 1975