An approach to computer security
Date
1985
Authors
Woolsey, James Richard
Abstract
No general-purpose computer operating system can completely prevent illegal or illicit access to the data it controls. An illegal system access may be accidental or a deliberate attack on the system, and is usually due to carelessness on the part of users or to flaws in the design of the system. Systems are flawed because they, and the assumptions on which their security is based, are not well understood. Our ideas of system security are based on the finite state machine model, which can be defined in a precise, formal manner. To enable large systems with many states to be described, we use the mode class model. Using the concept of a finite state machine, we define what a system is, what entities are with respect to a system, and what it means for an entity to be independent in a system. We are then able to describe what it means for a system to be secure. We also describe how the parts of systems, such as programmes and processes, can be defined as entities. These concepts permit us to describe how secure systems can be designed. As a practical example of the theory, we show how a UNIX-like system can be produced that does not have many of the security and allocation problems of current UNIX and UNIX-like systems.
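A toy illustration of the finite-state-machine approach the abstract describes. This is an added example and not code or a definition from the thesis: the thesis's own definitions of "entity", "observation" and "independent" are not on this page, so the ones used here (an entity observes a projection of the state; entity A is independent of entity B if no action of B changes A's observation in any reachable state) are assumptions made for the illustration. The two-entity system, its transition function and the state encoding are likewise constructed for the example.

```python
from collections import deque
from itertools import product

# Two entities share one machine. State = (hi_count, lo_count, shared).
# Each entity can increment its own counter or do nothing. In the flawed
# variant, "hi" incrementing also bumps a field that "lo" can read, which
# gives "lo" a channel onto "hi"'s activity. (Constructed example system.)
ENTITIES = ("hi", "lo")
ACTIONS = ("inc", "noop")


def make_system(shared_counter: bool):
    """Return (initial_state, step) for the toy system.

    shared_counter=True builds the flawed variant described above.
    """
    init = (0, 0, 0)

    def step(state, actor, action):
        hi, lo, shared = state
        if action == "noop":
            return state
        if actor == "hi" and action == "inc":
            hi = (hi + 1) % 3
            if shared_counter:
                shared = (shared + 1) % 3  # the leak
        elif actor == "lo" and action == "inc":
            lo = (lo + 1) % 3
        else:
            raise ValueError(f"unknown action {actor}/{action}")
        return (hi, lo, shared)

    return init, step


def observe(entity, state):
    """Assumed observation function: the part of the state an entity can see."""
    hi, lo, shared = state
    return (hi,) if entity == "hi" else (lo, shared)


def reachable(init, step):
    """All states reachable from `init`, in breadth-first order."""
    seen, order, queue = {init}, [init], deque([init])
    while queue:
        s = queue.popleft()
        for actor, action in product(ENTITIES, ACTIONS):
            t = step(s, actor, action)
            if t not in seen:
                seen.add(t)
                order.append(t)
                queue.append(t)
    return order


def find_interference(entity, other, init, step):
    """First (state, action) where `other` acting changes what `entity` sees,
    or None if no such reachable state exists (assumed independence check)."""
    for s in reachable(init, step):
        for action in ACTIONS:
            if observe(entity, step(s, other, action)) != observe(entity, s):
                return (s, action)
    return None


def is_independent(entity, other, init, step):
    """True iff `entity` is independent of `other` under the assumed definition."""
    return find_interference(entity, other, init, step) is None


if __name__ == "__main__":
    for flawed in (False, True):
        init, step = make_system(shared_counter=flawed)
        print(f"shared_counter={flawed}: reachable states={len(reachable(init, step))}, "
              f"lo independent of hi={is_independent('lo', 'hi', init, step)}, "
              f"witness={find_interference('lo', 'hi', init, step)}")
```

The check is exhaustive over the reachable state space, which is exactly why the abstract needs a mode class model for large systems: an operating system's state space cannot be enumerated this way, so the states have to be grouped into classes whose behaviour can be reasoned about collectively.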