Reference from ESORICS proceedings

First European Symposium On Research In Computer Security (ESORICS 90)

Towards an Object Oriented Development Environment for Secure Applications

E.S. Hocking, J.A. McDermid

Keywords : Object oriented systems, IPSES, Z, Security models, assurance

Abstract : The need for secure applications has long been understood by the security community. It is however becoming increasingly clear that the environment within which secure applications are developed can itself have a large impact on the overall assurance attributable to the deliverable product. For example, an otherwise secure application can be corrupted by the inclusion of a non-verified component during a particular phase in the software life cucle unless close control is maintained over the activities involved. It is just this sort of issue which a support environment in meant to address. This paper examines these issues within the context of an Object Oriented development environment. This will be done by first reviewing a flexible security policy such as might be required in a typical development environment. This abstract policy will then be configured to a particular set of control objectives to demonstrate the utility of the approach. This abstract model will then be refined into a particular architecture in order to demonstrate a possible approach to enforcing security. Finally some observations based on an attempt at building a prototype environment based on this architecture will be discussed.

(Pages 191-200)

Proceedings table of contents