J McLean - Proceedings of 1994 IEEE Computer Society …, 1994 - ieeexplore.ieee.org
This paper presents a general theory of system composition for" possibilistic" security properties. We see that these properties fall outside of the Alpern-Schneider safety/liveness …
N Halbwachs, F Lagnier, P Raymond - … The Netherlands 21–25 June 1993, 1994 - Springer
Abstract Synchronous programming [20, 14] is a useful approach to design reactive systems. A synchronous program is supposed to instantly and deterministically react to events coming …
AU Shankar - ACM Computing Surveys (CSUR), 1993 - dl.acm.org
This is a tutorial introduction to assertional reasoning based on temporal logic. The objective is to provide a working familiarity with the technique. We use a simple system model and a …
L Lamport - The American mathematical monthly, 1995 - Taylor & Francis
Yet, the structure of mathematical proofs has not changed in 300 years. The proofs in Newton's Principia differ in style from those of a modern textbook only by being written in …
VD Gligor, SI Gavrila, D Ferraiolo - Proceedings. 1998 IEEE …, 1998 - ieeexplore.ieee.org
Formally defines a wide variety of separation-of-duty (SoD) properties, including the best known to date, and establishes their relationships within a formal model of role-based …
M Abadi, L Lamport - Workshop/School/Symposium of the REX Project …, 1991 - Springer
Traditional methods for specifying and reasoning about concurrent systems work for real- time systems. However, two problems arise: the real-time programming version of Zeno's …
A Zakinthinos, ES Lee - … 1997 IEEE Symposium on Security and …, 1997 - ieeexplore.ieee.org
We present a general theory of possibilistic security properties. We show that we can express a security property as a predicate that is true of every set containing all the traces …
Since the initial work of Daryl McCullough (1987) on the subject, the security community has struggled with the problem of composing" possibilistic" information-flow properties. Such …
E Kindler - Bulletin of the European Association for Theoretical …, 1994 - Citeseer
The distinction of safety and liveness properties is often adopted in speci cation and design methods for distributed systems. We present a short survey on the\history" of these concepts …