Skip to main content
SpringerLink
Log in

Specifying security in a composite system

  • Security Management
  • Conference paper
  • First Online:
Information Security (ISW 1997)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1396))

Included in the following conference series:

Abstract

This paper proposes a formal definition of “ security ” in a composite system. By composite system, we mean a system which is composed of an automated and a human part. This split of systems in two parts characterizes the computer environment where human presence is unavoidable. Our results are a generalization of [6]. The scope of [6] was limited to three access modes, that is read, write, execute. In this paper, we extend this scope by addressing all possible operations. We also provide a syntactic way, based on the proposed security formal definition, of describing threats during the requirement analysis process. To handle the security problem when designing a system, it is important to integrate threats in the requirements document. Up to now, there were only “ methods ” to derive threats [arbitrary or threat trees method], not to express them unambiguously.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Amoroso,E.: Fundamentals di Computer security technology. Prentice Hall, New Jersey (1994)

    Google Scholar 

  2. Bell, D.,LaPadula, L.: Secure Computer System: Unified Exposition and Multics Interpretation. MTR2997, MITRE Corp. (1976)

    Google Scholar 

  3. Dardenne, A.; et al: Goal-directed Requirements Acquisition. Science of Comp. Progr., vol. 20 (1993), 3–50.

    Google Scholar 

  4. Kabasele-Tenday,J.M.: Threats in Teleteaching. To be presented at 7th WCCEE, Torino, Italy, (1998)

    Google Scholar 

  5. Jacobson, I., et al.: Object-Oriented Software Engineering, A Use case driven approach. Addison-Wesley. (1992)

    Google Scholar 

  6. McLean, J.: The Algebra of Security. IEEE Symposium on security and privacy, Oakland, CA,(1988)

    Google Scholar 

  7. Rumbaugh, J. et al: Object-oriented modeling and design. Prentice-Hall,New Jersey, (1991)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Unité Informatique - Université catholique de Louvain, Place Ste-Barbe 2, 1348, Louvain-la-Neuve, Belgium

    J. -M. Kabasele-Tenday

Authors
  1. J. -M. Kabasele-Tenday
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Eiji Okamoto George Davida Masahiro Mambo

Rights and permissions

Reprints and permissions

Copyright information

© 1998 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kabasele-Tenday, J.M. (1998). Specifying security in a composite system. In: Okamoto, E., Davida, G., Mambo, M. (eds) Information Security. ISW 1997. Lecture Notes in Computer Science, vol 1396. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0030425

Download citation

  • DOI: https://doi.org/10.1007/BFb0030425

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-64382-1

  • Online ISBN: 978-3-540-69767-1

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation