A Verified Information-Flow Architecture
SAFE is a clean-slate design for a highly secure computer system, with
pervasive mechanisms for tracking and limiting information flows. At the lowest
level, the SAFE hardware supports fine-grained programmable tags, with
efficient and flexible propagation and combination of tags as instructions are
executed. The operating system virtualizes these generic facilities to present
an information-flow abstract machine that allows user programs to label
sensitive data with rich confidentiality policies. We present a formal,
machine-checked model of the key hardware and software mechanisms used to
dynamically control information flow in SAFE and an end-to-end proof of
noninterference for this model.
We use a refinement proof methodology to propagate the noninterference
property of the abstract machine down to the concrete machine level. We use an
intermediate layer in the refinement chain that factors out the details of the
information-flow control policy and devise a code generator for compiling such
information-flow policies into low-level monitor code. Finally, we verify the
correctness of this generator using a dedicated Hoare logic that abstracts from
low-level machine instructions into a reusable set of verified structured code
generators.
Towards alignment of architectural domains in security policy specifications
Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI.
Polycentrism and Flux in Spatialized Management: Evidence from Maine's Lobster (Homarus americanus) Fishery
Spatial approaches to fisheries management hold great promise but require continued conceptual and policy development. Polycentrism and flux emerge as useful concepts, drawing lessons from more customary, informal resource-use patterns to produce more innovative "spatialized" policies within existing governance architectures. Empirical evidence from Maine shows that pioneering efforts have been limited by the single-species focus of conventional management hierarchies. As entry limits have consolidated the fishing fleet and eliminated flexible, diversified, and adaptive business strategies, cross-species and habitat externalities have become problematic. State lobster (Homarus americanus Milne-Edwards, 1837) comanagement zones have achieved some successes, including trap limits and improved industry-management communications, but incur significant transaction costs and raise equity and stewardship concerns. Kindred proposals for spatial refinement of groundfish management and locally based area-management councils lack support from the state Department of Marine Resources, Atlantic States Marine Fisheries Commission, New England Fishery Management Council, and National Marine Fisheries Service. Broader and more transparent deliberation of explicitly spatial and ecosystem approaches might be advanced by citizen panels convened to foster polycentric decision structures and accommodate more integrative management strategies.