: In many of today's application programs, security functionality is inseparably intertwined with the actual mission-purpose logic. As a result, the trusted code base is unnec...
If we classify the variables of a program into various security levels, then a secure information flow analysis aims to verify statically that information in the program can flo...
Obligations are pervasive in modern systems, often linked to access control decisions. We present a very general model of obligations as objects with state, and discuss its interac...
Daniel J. Dougherty, Kathi Fisler, Shriram Krishna...
Abstract. Embedded computer control is increasingly common in appliances, vehicles, communication devices, medical instruments, and many other systems. Some embedded computer syste...
Defence trees and CP-net (ceteris paribus network) are two useful approaches that can be used to help a system administrator to analyze a security scenario and to give him a model ...