Action Systems, Determinism and the Development of Secure Systems
This thesis addresses issues arising in the specification and development of secure systems, focusing in particular on aspects of confidentiality. Various confidentiality properties based on limiting the allowed flows of information in a system have previously been proposed. These definitions are reviewed here and some of the problems inherent in their use are outlined. Recent work by Roscoe [106] has provided information flow definitions based on restricting the allowed nondeterminism within the system. These properties are described in detail, with a range of examples provided to illustrate their use.

This thesis is concerned with providing a new, pragmatic approach to the development of secure systems. Action systems are chosen as a notation which incorporates both direct representation of system state, useful for effective system modelling, and the succession of events in a system, essential for representation of information flow properties. A definition of nondeterminism and formulations of the deterministic security properties are developed for action systems. These are shown to correspond to the original CSP event-based definitions.

The emphasis of this work is on the practical application of theoretical results. This is reflected in the case studies in which the preceding work is applied to realistic development situations. This allows the strengths and weaknesses of both the deterministic security conditions and the use of action systems to be assessed. The first study investigates security constraints applied to a distributed message-passing system. Ways of specifying security conditions and the effects of including them at different levels are explored. The second case study follows through the specification and refinement of a distributed security kernel. A technique for the simplification of security proofs is introduced.
Refining Action Systems within B-Tool
Action systems are a formalism designed for the construction of parallel and distributed systems in a stepwise manner within the refinement calculus. In this paper we show how action systems can be derived and refined within a mechanical proof tool, the B-Tool. We describe how action systems are embedded in B-Tool. Due to this embedding we can now develop parallel and distributed systems within the B-Tool. We also show how a typical and nontrivial refinement rule, the superposition refinement rule, is formalized and applied on action systems within B-Tool. A derivation towards a distributed load balancing algorithm is given as a case study.

1 Introduction

Action systems are used to construct parallel and distributed systems in a stepwise manner as described by Back et al. [2, 4]. They are often developed using a powerful program modularization and structuring method called superposition [7, 9, 2]. In superposition some new functionality is added to an algorithm in the form of additio..