Show/Hide Menu
Hide/Show Apps
Logout
Türkçe
Türkçe
Search
Search
Login
Login
OpenMETU
OpenMETU
About
About
Open Science Policy
Open Science Policy
Open Access Guideline
Open Access Guideline
Postgraduate Thesis Guideline
Postgraduate Thesis Guideline
Communities & Collections
Communities & Collections
Help
Help
Frequently Asked Questions
Frequently Asked Questions
Guides
Guides
Thesis submission
Thesis submission
MS without thesis term project submission
MS without thesis term project submission
Publication submission with DOI
Publication submission with DOI
Publication submission
Publication submission
Supporting Information
Supporting Information
General Information
General Information
Copyright, Embargo and License
Copyright, Embargo and License
Contact us
Contact us
Specification and verification of confidentiality in software architectures
Download
index.pdf
Date
2004
Author
Ulu, Cemil
Metadata
Show full item record
Item Usage Stats
205
views
74
downloads
Cite This
This dissertation addresses the confidentiality aspect of the information security problem from the viewpoint of the software architecture. It presents a new approach to secure system design in which the desired security properties, in particular, confidentiality, of the system are proven to hold at the architectural level. The architecture description language Wright is extended so that confidentiality authorizations can be specified. An architectural description in Wright/c, the extended language, assigns clearance to the ports of the components and treats security labels as a part of data type information. The security labels are declared along with clearance assignments in an access control lattice model, also expressed in Wright/c. This enables the static analysis of data flow over the architecture subject to confidentiality requirements as per Bell-LaPadula principles. An algorithm takes the Wright/c description and the lattice model as inputs, and checks if there is a potential violation of the Bell-LaPadula principles. The algorithm also detects excess privileges. A software tool, which features an XML-based front-end to the algorithm is constructed. Finally, the algorithm is analyzed for its soundness, completeness and computational complexity.
Subject Keywords
Computer engineering.
,
Computer Hardware.
URI
http://etd.lib.metu.edu.tr/upload/12604809/index.pdf
https://hdl.handle.net/11511/14099
Collections
Graduate School of Natural and Applied Sciences, Thesis
Suggestions
OpenMETU
Core
Software process improvement
Elalmış, Mert Erkan; Yücel, Melek D; Department of Electrical and Electronics Engineering (2007)
In this thesis the software development process and in particular, the requirements management processes in a major software development company have been investigated. The current problems related to requirements quality and process performances have been identified. Process improvement measures have been proposed based on the suggestions found in the relevant literature. The current process and the improved version have been compared with respect to the process evaluation metrics proposed particularly for...
Design and implementation of an open security architecture for a software-based security module
Kaynar, Kaan; Özgit, Attila; Department of Computer Engineering (2009)
Main purpose of this thesis work is to design a comprehensive and open security architecture whose desired parts could be realized on a general-purpose embedded computer without any special cryptography hardware. The architecture provides security mechanisms that implement known cryptography techniques, operations of some famous network security protocols and appropriate system security methods. Consequently, a server machine may offload a substantial part of its security processing tasks to an embedded com...
Design and implementation of a plug-in framework for distributed object technologies
Kadıoğlu, Koray; Doğru, Ali Hikmet; Department of Computer Engineering (2006)
This thesis presents a framework design and implementation that enables run-time selection of different remote call mechanisms. In order to implement an extendable and modular system with run-time upgrading facility, a plug-in framework design is used. Since such a design requires enhanced usage of run-time facilities of the programming language that is used to implement the framework, in this study Java is selected because of its reflection and dynamic class loading facilities. A sample usage of this frame...
Design and implementation of a monitoring framework
Kuz, Kadir; Doğru, Ali Hikmet; Department of Computer Engineering (2009)
In this thesis work, the symptoms in Windows XP operating system for fault monitoring are investigated and a fault monitoring library is developed. A test GUI is implemented to examine this library. Performance tests including memory and CPU usage are done to see its overhead to the system and platform tests on the current version of Windows operating system series (Windows Vista) are done to see for compatibility. In this thesis, fault monitor-fault detector interface is also defined and implemented. To mo...
Architectural design of an access control system for enterprise networks
Kirimer, Burak; Özgit, Attila (2007-11-09)
Client computers in enterprise networks have the potential to be the source of serious security problems, especially when their hardware and software components are out of physical administrative control. Besides, services in the network may have client configuration requirements. We propose a system composed of a policy management and enforcement server and client agents, which authenticates the client users and checks their computer configurations before allowing their access to services. The information ...
Citation Formats
IEEE
ACM
APA
CHICAGO
MLA
BibTeX
C. Ulu, “Specification and verification of confidentiality in software architectures,” Ph.D. - Doctoral Program, Middle East Technical University, 2004.