Abstract:
Research on secure systems takes place in several largely unrelated communities without much mutual understanding, and without a common notion of "security". Example areas are access control and information flow control, cryptology, secure software, statistical databases, and fault tolerance and safety. We strive to unify these approaches, or at least to give them a common understanding of their relations, by presenting a general framework for the design of secure systems and showing how the main research activities of several example areas fit together in it. Our main concern is not terminology, but the notions of security as such, and how such security can be achieved. We keep formalism to a minimum and use simple terminology from general computer science, avoiding the jargon of the communities involved. Nevertheless, in contrast to previous approaches, our goal was to identify notions that can be defined formally (at least for those design stages that are accessible to formalization at all), and to relate them to the usual formal notions of system design, e.g., "specification" and "correctness". Particular notions we discuss are trust models, the requirement that a system does "nothing,