MozartV1, Istex, Corpus, bibRecord, 000E56

A Practical Formal Model for Safety Analysis in Capability-Based Systems

Identifieur interne : 000E56 ( Istex/Corpus ); précédent : 000E55; suivant : 000E57

A Practical Formal Model for Safety Analysis in Capability-Based Systems

Auteurs : Fred Spiessens ; Peter Van Roy

Source :

Lecture Notes in Computer Science [ 0302-9743 ] ; 2005.

RBID : ISTEX:F67C068A61CFEA1053719ECFBBD582685E11EB9A

Abstract

Abstract: We present a formal system that models programmable abstractions for access control. Composite abstractions and patterns of arbitrary complexity are modeled as a configuration of communicating subjects. The subjects in the model can express behavior that corresponds to how information and authority are propagated in capability systems. The formalism is designed to be useful for analyzing how information and authority are confined in arbitrary configurations, but it will also be useful in the reverse sense, to calculate the necessary restrictions in a subject’s behavior when a global confinement policy is given. We introduce a subclass of these systems we call ”saturated”, that can provide safe and tractable approximations for the safety properties in arbitrary configurations of collaborating entities.

Url:

https://api.istex.fr/document/F67C068A61CFEA1053719ECFBBD582685E11EB9A/fulltext/pdf

DOI: 10.1007/11580850_14

Links to Exploration step

ISTEX:F67C068A61CFEA1053719ECFBBD582685E11EB9A

Le document en format XML

<record><TEI wicri:istexFullTextTei="biblStruct"><teiHeader><fileDesc><titleStmt><title xml:lang="en">A Practical Formal Model for Safety Analysis in Capability-Based Systems</title>
<author><name sortKey="Spiessens, Fred" sort="Spiessens, Fred" uniqKey="Spiessens F" first="Fred" last="Spiessens">Fred Spiessens</name>
<affiliation><mods:affiliation>Université catholique de Louvain, Louvain-la-Neuve, Belgium</mods:affiliation>
</affiliation>
<affiliation><mods:affiliation>E-mail: fsp@info.ucl.ac.be</mods:affiliation>
</affiliation>
</author>
<author><name sortKey="Van Roy, Peter" sort="Van Roy, Peter" uniqKey="Van Roy P" first="Peter" last="Van Roy">Peter Van Roy</name>
<affiliation><mods:affiliation>Université catholique de Louvain, Louvain-la-Neuve, Belgium</mods:affiliation>
</affiliation>
<affiliation><mods:affiliation>E-mail: pvr@info.ucl.ac.be</mods:affiliation>
</affiliation>
</author>
</titleStmt>
<publicationStmt><idno type="wicri:source">ISTEX</idno>
<idno type="RBID">ISTEX:F67C068A61CFEA1053719ECFBBD582685E11EB9A</idno>
<date when="2005" year="2005">2005</date>
<idno type="doi">10.1007/11580850_14</idno>
<idno type="url">https://api.istex.fr/document/F67C068A61CFEA1053719ECFBBD582685E11EB9A/fulltext/pdf</idno>
<idno type="wicri:Area/Istex/Corpus">000E56</idno>
</publicationStmt>
<sourceDesc><biblStruct><analytic><title level="a" type="main" xml:lang="en">A Practical Formal Model for Safety Analysis in Capability-Based Systems</title>
<author><name sortKey="Spiessens, Fred" sort="Spiessens, Fred" uniqKey="Spiessens F" first="Fred" last="Spiessens">Fred Spiessens</name>
<affiliation><mods:affiliation>Université catholique de Louvain, Louvain-la-Neuve, Belgium</mods:affiliation>
</affiliation>
<affiliation><mods:affiliation>E-mail: fsp@info.ucl.ac.be</mods:affiliation>
</affiliation>
</author>
<author><name sortKey="Van Roy, Peter" sort="Van Roy, Peter" uniqKey="Van Roy P" first="Peter" last="Van Roy">Peter Van Roy</name>
<affiliation><mods:affiliation>Université catholique de Louvain, Louvain-la-Neuve, Belgium</mods:affiliation>
</affiliation>
<affiliation><mods:affiliation>E-mail: pvr@info.ucl.ac.be</mods:affiliation>
</affiliation>
</author>
</analytic>
<monogr></monogr>
<series><title level="s">Lecture Notes in Computer Science</title>
<imprint><date>2005</date>
</imprint>
<idno type="ISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
</series>
<idno type="istex">F67C068A61CFEA1053719ECFBBD582685E11EB9A</idno>
<idno type="DOI">10.1007/11580850_14</idno>
<idno type="ChapterID">Chap14</idno>
<idno type="ChapterID">14</idno>
</biblStruct>
</sourceDesc>
</fileDesc>
<profileDesc><textClass></textClass>
<langUsage><language ident="en">en</language>
</langUsage>
</profileDesc>
</teiHeader>
<front><div type="abstract" xml:lang="en">Abstract: We present a formal system that models programmable abstractions for access control. Composite abstractions and patterns of arbitrary complexity are modeled as a configuration of communicating subjects. The subjects in the model can express behavior that corresponds to how information and authority are propagated in capability systems. The formalism is designed to be useful for analyzing how information and authority are confined in arbitrary configurations, but it will also be useful in the reverse sense, to calculate the necessary restrictions in a subject’s behavior when a global confinement policy is given. We introduce a subclass of these systems we call ”saturated”, that can provide safe and tractable approximations for the safety properties in arbitrary configurations of collaborating entities.</div>
</front>
</TEI>
<istex><corpusName>springer</corpusName>
<author><json:item><name>Fred Spiessens</name>
<affiliations><json:string>Université catholique de Louvain, Louvain-la-Neuve, Belgium</json:string>
<json:string>E-mail: fsp@info.ucl.ac.be</json:string>
</affiliations>
</json:item>
<json:item><name>Peter Van Roy</name>
<affiliations><json:string>Université catholique de Louvain, Louvain-la-Neuve, Belgium</json:string>
<json:string>E-mail: pvr@info.ucl.ac.be</json:string>
</affiliations>
</json:item>
</author>
<language><json:string>eng</json:string>
</language>
<abstract>Abstract: We present a formal system that models programmable abstractions for access control. Composite abstractions and patterns of arbitrary complexity are modeled as a configuration of communicating subjects. The subjects in the model can express behavior that corresponds to how information and authority are propagated in capability systems. The formalism is designed to be useful for analyzing how information and authority are confined in arbitrary configurations, but it will also be useful in the reverse sense, to calculate the necessary restrictions in a subject’s behavior when a global confinement policy is given. We introduce a subclass of these systems we call ”saturated”, that can provide safe and tractable approximations for the safety properties in arbitrary configurations of collaborating entities.</abstract>
<qualityIndicators><score>7.928</score>
<pdfVersion>1.6</pdfVersion>
<pdfPageSize>430 x 660 pts</pdfPageSize>
<refBibsNative>false</refBibsNative>
<keywordCount>0</keywordCount>
<abstractCharCount>822</abstractCharCount>
<pdfWordCount>11440</pdfWordCount>
<pdfCharCount>63697</pdfCharCount>
<pdfPageCount>31</pdfPageCount>
<abstractWordCount>119</abstractWordCount>
</qualityIndicators>
<title>A Practical Formal Model for Safety Analysis in Capability-Based Systems</title>
<genre><json:string>Book Chapter</json:string>
</genre>
<serie><editor><json:item><name>David Hutchison</name>
<affiliations><json:string>Lancaster University, UK</json:string>
</affiliations>
</json:item>
<json:item><name>Takeo Kanade</name>
<affiliations><json:string>Carnegie Mellon University, Pittsburgh, PA, USA</json:string>
</affiliations>
</json:item>
<json:item><name>Josef Kittler</name>
<affiliations><json:string>University of Surrey, Guildford, UK</json:string>
</affiliations>
</json:item>
<json:item><name>Jon M. Kleinberg</name>
<affiliations><json:string>Cornell University, Ithaca, NY, USA</json:string>
</affiliations>
</json:item>
<json:item><name>Friedemann Mattern</name>
<affiliations><json:string>ETH Zurich, Switzerland</json:string>
</affiliations>
</json:item>
<json:item><name>John C. Mitchell</name>
<affiliations><json:string>Stanford University, CA, USA</json:string>
</affiliations>
</json:item>
<json:item><name>Moni Naor</name>
<affiliations><json:string>Weizmann Institute of Science, Rehovot, Israel</json:string>
</affiliations>
</json:item>
<json:item><name>Oscar Nierstrasz</name>
<affiliations><json:string>University of Bern, Switzerland</json:string>
</affiliations>
</json:item>
<json:item><name>C. Pandu Rangan</name>
<affiliations><json:string>Indian Institute of Technology, Madras, India</json:string>
</affiliations>
</json:item>
<json:item><name>Bernhard Steffen</name>
<affiliations><json:string>University of Dortmund, Germany</json:string>
</affiliations>
</json:item>
<json:item><name>Madhu Sudan</name>
<affiliations><json:string>Massachusetts Institute of Technology, MA, USA</json:string>
</affiliations>
</json:item>
<json:item><name>Demetri Terzopoulos</name>
<affiliations><json:string>New York University, NY, USA</json:string>
</affiliations>
</json:item>
<json:item><name>Dough Tygar</name>
<affiliations><json:string>University of California, Berkeley, CA, USA</json:string>
</affiliations>
</json:item>
<json:item><name>Moshe Y. Vardi</name>
<affiliations><json:string>Rice University, Houston, TX, USA</json:string>
</affiliations>
</json:item>
<json:item><name>Gerhard Weikum</name>
<affiliations><json:string>Max-Planck Institute of Computer Science, Saarbruecken, Germany</json:string>
</affiliations>
</json:item>
</editor>
<issn><json:string>0302-9743</json:string>
</issn>
<genre><json:string>book series</json:string>
</genre>
<language><json:string>unknown</json:string>
</language>
<eissn><json:string>1611-3349</json:string>
</eissn>
<title>Lecture Notes in Computer Science</title>
<copyrightDate>2005</copyrightDate>
</serie>
<host><volume>3705</volume>
<editor><json:item><name>Rocco De Nicola</name>
<affiliations><json:string>Dipartimento di Sistemi e Informatica, Università di Firenze, Italy</json:string>
<json:string>E-mail: denicola@dsi.unifi.it</json:string>
</affiliations>
</json:item>
<json:item><name>Davide Sangiorgi</name>
<affiliations><json:string>Università di Bologna, Italy</json:string>
<json:string>E-mail: Davide.Sangiorgi@cs.unibo.it</json:string>
</affiliations>
</json:item>
</editor>
<pages><last>278</last>
<first>248</first>
</pages>
<subject><json:item><value>Computer Science</value>
</json:item>
<json:item><value>Computer Science</value>
</json:item>
<json:item><value>Software Engineering</value>
</json:item>
<json:item><value>Computer Communication Networks</value>
</json:item>
<json:item><value>Programming Techniques</value>
</json:item>
<json:item><value>Operating Systems</value>
</json:item>
<json:item><value>Programming Languages, Compilers, Interpreters</value>
</json:item>
<json:item><value>Logics and Meanings of Programs</value>
</json:item>
</subject>
<isbn><json:string>978-3-540-30007-6</json:string>
</isbn>
<genre><json:string>book series</json:string>
</genre>
<language><json:string>unknown</json:string>
</language>
<eisbn><json:string>978-3-540-31483-7</json:string>
</eisbn>
<title>Trustworthy Global Computing</title>
<copyrightDate>2005</copyrightDate>
<doi><json:string>10.1007/11580850</json:string>
</doi>
</host>
<copyrightDate>2005</copyrightDate>
<doi><json:string>10.1007/11580850_14</json:string>
</doi>
<id>F67C068A61CFEA1053719ECFBBD582685E11EB9A</id>
<fulltext><json:item><original>true</original>
<mimetype>application/pdf</mimetype>
<extension>pdf</extension>
<uri>https://api.istex.fr/document/F67C068A61CFEA1053719ECFBBD582685E11EB9A/fulltext/pdf</uri>
</json:item>
<json:item><original>false</original>
<mimetype>application/zip</mimetype>
<extension>zip</extension>
<uri>https://api.istex.fr/document/F67C068A61CFEA1053719ECFBBD582685E11EB9A/fulltext/zip</uri>
</json:item>
<istex:fulltextTEI uri="https://api.istex.fr/document/F67C068A61CFEA1053719ECFBBD582685E11EB9A/fulltext/tei"><teiHeader><fileDesc><titleStmt><title level="a" type="main" xml:lang="en">A Practical Formal Model for Safety Analysis in Capability-Based Systems</title>
<respStmt xml:id="ISTEX-API" resp="Références bibliographiques récupérées via GROBID" name="ISTEX-API (INIST-CNRS)"></respStmt>
</titleStmt>
<publicationStmt><authority>ISTEX</authority>
<publisher>Springer Berlin Heidelberg</publisher>
<pubPlace>Berlin, Heidelberg</pubPlace>
<date>2005</date>
</publicationStmt>
<notesStmt><note>An erratum to this chapter can be found at http://dx.doi.org/10.1007/11580850_20 .</note>
</notesStmt>
<sourceDesc><biblStruct type="inbook"><analytic><title level="a" type="main" xml:lang="en">A Practical Formal Model for Safety Analysis in Capability-Based Systems</title>
<author><persName><forename type="first">Fred</forename>
<surname>Spiessens</surname>
</persName>
<email>fsp@info.ucl.ac.be</email>
<affiliation>Université catholique de Louvain, Louvain-la-Neuve, Belgium</affiliation>
</author>
<author><persName><forename type="first">Peter</forename>
<surname>Van Roy</surname>
</persName>
<email>pvr@info.ucl.ac.be</email>
<affiliation>Université catholique de Louvain, Louvain-la-Neuve, Belgium</affiliation>
</author>
</analytic>
<monogr><title level="m">Trustworthy Global Computing</title>
<title level="m" type="sub">International Symposium, TGC 2005, Edinburgh, UK, April 7-9, 2005. Revised Selected Papers</title>
<idno type="pISBN">978-3-540-30007-6</idno>
<idno type="eISBN">978-3-540-31483-7</idno>
<idno type="DOI">10.1007/11580850</idno>
<idno type="BookID">978-3-540-31483-7</idno>
<idno type="BookTitleID">127545</idno>
<idno type="BookSequenceNumber">3705</idno>
<idno type="BookVolumeNumber">3705</idno>
<idno type="BookChapterCount">20</idno>
<editor><persName><forename type="first">Rocco</forename>
<surname>De Nicola</surname>
</persName>
<email>denicola@dsi.unifi.it</email>
<affiliation>Dipartimento di Sistemi e Informatica, Università di Firenze, Italy</affiliation>
</editor>
<editor><persName><forename type="first">Davide</forename>
<surname>Sangiorgi</surname>
</persName>
<email>Davide.Sangiorgi@cs.unibo.it</email>
<affiliation>Università di Bologna, Italy</affiliation>
</editor>
<imprint><publisher>Springer Berlin Heidelberg</publisher>
<pubPlace>Berlin, Heidelberg</pubPlace>
<date>2005</date>
<biblScope unit="volume">3705</biblScope>
<biblScope unit="page" from="248">248</biblScope>
<biblScope unit="page" to="278">278</biblScope>
</imprint>
</monogr>
<series><title level="s">Lecture Notes in Computer Science</title>
<editor><persName><forename type="first">David</forename>
<surname>Hutchison</surname>
</persName>
<affiliation>Lancaster University, UK</affiliation>
</editor>
<editor><persName><forename type="first">Takeo</forename>
<surname>Kanade</surname>
</persName>
<affiliation>Carnegie Mellon University, Pittsburgh, PA, USA</affiliation>
</editor>
<editor><persName><forename type="first">Josef</forename>
<surname>Kittler</surname>
</persName>
<affiliation>University of Surrey, Guildford, UK</affiliation>
</editor>
<editor><persName><forename type="first">Jon</forename>
<forename type="first">M.</forename>
<surname>Kleinberg</surname>
</persName>
<affiliation>Cornell University, Ithaca, NY, USA</affiliation>
</editor>
<editor><persName><forename type="first">Friedemann</forename>
<surname>Mattern</surname>
</persName>
<affiliation>ETH Zurich, Switzerland</affiliation>
</editor>
<editor><persName><forename type="first">John</forename>
<forename type="first">C.</forename>
<surname>Mitchell</surname>
</persName>
<affiliation>Stanford University, CA, USA</affiliation>
</editor>
<editor><persName><forename type="first">Moni</forename>
<surname>Naor</surname>
</persName>
<affiliation>Weizmann Institute of Science, Rehovot, Israel</affiliation>
</editor>
<editor><persName><forename type="first">Oscar</forename>
<surname>Nierstrasz</surname>
</persName>
<affiliation>University of Bern, Switzerland</affiliation>
</editor>
<editor><persName><forename type="first">C.</forename>
<surname>Pandu Rangan</surname>
</persName>
<affiliation>Indian Institute of Technology, Madras, India</affiliation>
</editor>
<editor><persName><forename type="first">Bernhard</forename>
<surname>Steffen</surname>
</persName>
<affiliation>University of Dortmund, Germany</affiliation>
</editor>
<editor><persName><forename type="first">Madhu</forename>
<surname>Sudan</surname>
</persName>
<affiliation>Massachusetts Institute of Technology, MA, USA</affiliation>
</editor>
<editor><persName><forename type="first">Demetri</forename>
<surname>Terzopoulos</surname>
</persName>
<affiliation>New York University, NY, USA</affiliation>
</editor>
<editor><persName><forename type="first">Dough</forename>
<surname>Tygar</surname>
</persName>
<affiliation>University of California, Berkeley, CA, USA</affiliation>
</editor>
<editor><persName><forename type="first">Moshe</forename>
<forename type="first">Y.</forename>
<surname>Vardi</surname>
</persName>
<affiliation>Rice University, Houston, TX, USA</affiliation>
</editor>
<editor><persName><forename type="first">Gerhard</forename>
<surname>Weikum</surname>
</persName>
<affiliation>Max-Planck Institute of Computer Science, Saarbruecken, Germany</affiliation>
</editor>
<biblScope><date>2005</date>
</biblScope>
<idno type="pISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="seriesId">558</idno>
</series>
<idno type="istex">F67C068A61CFEA1053719ECFBBD582685E11EB9A</idno>
<idno type="DOI">10.1007/11580850_14</idno>
<idno type="ChapterID">Chap14</idno>
<idno type="ChapterID">14</idno>
</biblStruct>
</sourceDesc>
</fileDesc>
<profileDesc><creation><date>2005</date>
</creation>
<langUsage><language ident="en">en</language>
</langUsage>
<abstract xml:lang="en"><p>Abstract: We present a formal system that models programmable abstractions for access control. Composite abstractions and patterns of arbitrary complexity are modeled as a configuration of communicating subjects. The subjects in the model can express behavior that corresponds to how information and authority are propagated in capability systems. The formalism is designed to be useful for analyzing how information and authority are confined in arbitrary configurations, but it will also be useful in the reverse sense, to calculate the necessary restrictions in a subject’s behavior when a global confinement policy is given. We introduce a subclass of these systems we call ”saturated”, that can provide safe and tractable approximations for the safety properties in arbitrary configurations of collaborating entities.</p>
</abstract>
<textClass><keywords scheme="Book Subject Collection"><list><label>SUCO11645</label>
<item><term>Computer Science</term>
</item>
</list>
</keywords>
</textClass>
<textClass><keywords scheme="Book Subject Group"><list><label>I</label>
<label>I14029</label>
<label>I13022</label>
<label>I14010</label>
<label>I14045</label>
<label>I14037</label>
<label>I1603X</label>
<item><term>Computer Science</term>
</item>
<item><term>Software Engineering</term>
</item>
<item><term>Computer Communication Networks</term>
</item>
<item><term>Programming Techniques</term>
</item>
<item><term>Operating Systems</term>
</item>
<item><term>Programming Languages, Compilers, Interpreters</term>
</item>
<item><term>Logics and Meanings of Programs</term>
</item>
</list>
</keywords>
</textClass>
</profileDesc>
<revisionDesc><change>undefined</change>
<change>[object Object]</change>
</revisionDesc>
</teiHeader>
</istex:fulltextTEI>
<json:item><original>false</original>
<mimetype>text/plain</mimetype>
<extension>txt</extension>
<uri>https://api.istex.fr/document/F67C068A61CFEA1053719ECFBBD582685E11EB9A/fulltext/txt</uri>
</json:item>
</fulltext>
<metadata><istex:metadataXml wicri:clean="Springer, Publisher found" wicri:toSee="no header"><istex:xmlDeclaration>version="1.0" encoding="UTF-8"</istex:xmlDeclaration>
<istex:docType PUBLIC="-//Springer-Verlag//DTD A++ V2.4//EN" URI="http://devel.springer.de/A++/V2.4/DTD/A++V2.4.dtd" name="istex:docType"></istex:docType>
<istex:document><Publisher><PublisherInfo><PublisherName>Springer Berlin Heidelberg</PublisherName>
<PublisherLocation>Berlin, Heidelberg</PublisherLocation>
</PublisherInfo>
<Series><SeriesInfo SeriesType="Series" TocLevels="0"><SeriesID>558</SeriesID>
<SeriesPrintISSN>0302-9743</SeriesPrintISSN>
<SeriesElectronicISSN>1611-3349</SeriesElectronicISSN>
<SeriesTitle Language="En">Lecture Notes in Computer Science</SeriesTitle>
</SeriesInfo>
<SeriesHeader><EditorGroup><Editor AffiliationIDS="Aff1"><EditorName DisplayOrder="Western"><GivenName>David</GivenName>
<FamilyName>Hutchison</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff2"><EditorName DisplayOrder="Western"><GivenName>Takeo</GivenName>
<FamilyName>Kanade</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff3"><EditorName DisplayOrder="Western"><GivenName>Josef</GivenName>
<FamilyName>Kittler</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff4"><EditorName DisplayOrder="Western"><GivenName>Jon</GivenName>
<GivenName>M.</GivenName>
<FamilyName>Kleinberg</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff5"><EditorName DisplayOrder="Western"><GivenName>Friedemann</GivenName>
<FamilyName>Mattern</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff6"><EditorName DisplayOrder="Western"><GivenName>John</GivenName>
<GivenName>C.</GivenName>
<FamilyName>Mitchell</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff7"><EditorName DisplayOrder="Western"><GivenName>Moni</GivenName>
<FamilyName>Naor</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff8"><EditorName DisplayOrder="Western"><GivenName>Oscar</GivenName>
<FamilyName>Nierstrasz</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff9"><EditorName DisplayOrder="Western"><GivenName>C.</GivenName>
<FamilyName>Pandu Rangan</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff10"><EditorName DisplayOrder="Western"><GivenName>Bernhard</GivenName>
<FamilyName>Steffen</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff11"><EditorName DisplayOrder="Western"><GivenName>Madhu</GivenName>
<FamilyName>Sudan</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff12"><EditorName DisplayOrder="Western"><GivenName>Demetri</GivenName>
<FamilyName>Terzopoulos</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff13"><EditorName DisplayOrder="Western"><GivenName>Dough</GivenName>
<FamilyName>Tygar</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff14"><EditorName DisplayOrder="Western"><GivenName>Moshe</GivenName>
<GivenName>Y.</GivenName>
<FamilyName>Vardi</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff15"><EditorName DisplayOrder="Western"><GivenName>Gerhard</GivenName>
<FamilyName>Weikum</FamilyName>
</EditorName>
</Editor>
<Affiliation ID="Aff1"><OrgName>Lancaster University</OrgName>
<OrgAddress><Country>UK</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff2"><OrgName>Carnegie Mellon University</OrgName>
<OrgAddress><City>Pittsburgh</City>
<State>PA</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff3"><OrgName>University of Surrey</OrgName>
<OrgAddress><City>Guildford</City>
<Country>UK</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff4"><OrgName>Cornell University</OrgName>
<OrgAddress><City>Ithaca</City>
<State>NY</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff5"><OrgName>ETH Zurich</OrgName>
<OrgAddress><Country>Switzerland</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff6"><OrgName>Stanford University</OrgName>
<OrgAddress><City>CA</City>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff7"><OrgName>Weizmann Institute of Science</OrgName>
<OrgAddress><City>Rehovot</City>
<Country>Israel</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff8"><OrgName>University of Bern</OrgName>
<OrgAddress><Country>Switzerland</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff9"><OrgName>Indian Institute of Technology</OrgName>
<OrgAddress><City>Madras</City>
<Country>India</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff10"><OrgName>University of Dortmund</OrgName>
<OrgAddress><Country>Germany</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff11"><OrgName>Massachusetts Institute of Technology</OrgName>
<OrgAddress><City>MA</City>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff12"><OrgName>New York University</OrgName>
<OrgAddress><City>NY</City>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff13"><OrgName>University of California</OrgName>
<OrgAddress><City>Berkeley</City>
<State>CA</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff14"><OrgName>Rice University</OrgName>
<OrgAddress><City>Houston</City>
<State>TX</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff15"><OrgName>Max-Planck Institute of Computer Science</OrgName>
<OrgAddress><City>Saarbruecken</City>
<Country>Germany</Country>
</OrgAddress>
</Affiliation>
</EditorGroup>
</SeriesHeader>
<Book Language="En"><BookInfo BookProductType="Proceedings" ContainsESM="No" Language="En" MediaType="eBook" NumberingDepth="2" NumberingStyle="ContentOnly" OutputMedium="All" TocLevels="0"><BookID>978-3-540-31483-7</BookID>
<BookTitle>Trustworthy Global Computing</BookTitle>
<BookSubTitle>International Symposium, TGC 2005, Edinburgh, UK, April 7-9, 2005. Revised Selected Papers</BookSubTitle>
<BookVolumeNumber>3705</BookVolumeNumber>
<BookSequenceNumber>3705</BookSequenceNumber>
<BookDOI>10.1007/11580850</BookDOI>
<BookTitleID>127545</BookTitleID>
<BookPrintISBN>978-3-540-30007-6</BookPrintISBN>
<BookElectronicISBN>978-3-540-31483-7</BookElectronicISBN>
<BookChapterCount>20</BookChapterCount>
<BookCopyright><CopyrightHolderName>Springer-Verlag Berlin Heidelberg</CopyrightHolderName>
<CopyrightYear>2005</CopyrightYear>
</BookCopyright>
<BookSubjectGroup><BookSubject Code="I" Type="Primary">Computer Science</BookSubject>
<BookSubject Code="I14029" Priority="1" Type="Secondary">Software Engineering</BookSubject>
<BookSubject Code="I13022" Priority="2" Type="Secondary">Computer Communication Networks</BookSubject>
<BookSubject Code="I14010" Priority="3" Type="Secondary">Programming Techniques</BookSubject>
<BookSubject Code="I14045" Priority="4" Type="Secondary">Operating Systems</BookSubject>
<BookSubject Code="I14037" Priority="5" Type="Secondary">Programming Languages, Compilers, Interpreters</BookSubject>
<BookSubject Code="I1603X" Priority="6" Type="Secondary">Logics and Meanings of Programs</BookSubject>
<SubjectCollection Code="SUCO11645">Computer Science</SubjectCollection>
</BookSubjectGroup>
<BookContext><SeriesID>558</SeriesID>
</BookContext>
</BookInfo>
<BookHeader><EditorGroup><Editor AffiliationIDS="Aff16"><EditorName DisplayOrder="Western"><GivenName>Rocco</GivenName>
<Particle>De</Particle>
<FamilyName>Nicola</FamilyName>
</EditorName>
<Contact><Email>denicola@dsi.unifi.it</Email>
</Contact>
</Editor>
<Editor AffiliationIDS="Aff17"><EditorName DisplayOrder="Western"><GivenName>Davide</GivenName>
<FamilyName>Sangiorgi</FamilyName>
</EditorName>
<Contact><Email>Davide.Sangiorgi@cs.unibo.it</Email>
</Contact>
</Editor>
<Affiliation ID="Aff16"><OrgDivision>Dipartimento di Sistemi e Informatica</OrgDivision>
<OrgName>Università di Firenze</OrgName>
<OrgAddress><Country>Italy</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff17"><OrgName>Università di Bologna</OrgName>
<OrgAddress><Country>Italy</Country>
</OrgAddress>
</Affiliation>
</EditorGroup>
</BookHeader>
<Chapter ID="Chap14" Language="En"><ChapterInfo ChapterType="OriginalPaper" ContainsESM="No" NumberingDepth="2" NumberingStyle="ContentOnly" TocLevels="0"><ChapterID>14</ChapterID>
<ChapterDOI>10.1007/11580850_14</ChapterDOI>
<ChapterSequenceNumber>14</ChapterSequenceNumber>
<ChapterTitle Language="En">A Practical Formal Model for Safety Analysis in Capability-Based Systems</ChapterTitle>
<ChapterFirstPage>248</ChapterFirstPage>
<ChapterLastPage>278</ChapterLastPage>
<ChapterCopyright><CopyrightHolderName>Springer-Verlag Berlin Heidelberg</CopyrightHolderName>
<CopyrightYear>2005</CopyrightYear>
</ChapterCopyright>
<ChapterGrants Type="Regular"><MetadataGrant Grant="OpenAccess"></MetadataGrant>
<AbstractGrant Grant="OpenAccess"></AbstractGrant>
<BodyPDFGrant Grant="Restricted"></BodyPDFGrant>
<BodyHTMLGrant Grant="Restricted"></BodyHTMLGrant>
<BibliographyGrant Grant="Restricted"></BibliographyGrant>
<ESMGrant Grant="Restricted"></ESMGrant>
</ChapterGrants>
<ChapterContext><SeriesID>558</SeriesID>
<BookID>978-3-540-31483-7</BookID>
<BookTitle>Trustworthy Global Computing</BookTitle>
</ChapterContext>
</ChapterInfo>
<ChapterHeader><AuthorGroup><Author AffiliationIDS="Aff18"><AuthorName DisplayOrder="Western"><GivenName>Fred</GivenName>
<FamilyName>Spiessens</FamilyName>
</AuthorName>
<Contact><Email>fsp@info.ucl.ac.be</Email>
</Contact>
</Author>
<Author AffiliationIDS="Aff18"><AuthorName DisplayOrder="Western"><GivenName>Peter</GivenName>
<Particle>Van</Particle>
<FamilyName>Roy</FamilyName>
</AuthorName>
<Contact><Email>pvr@info.ucl.ac.be</Email>
</Contact>
</Author>
<Affiliation ID="Aff18"><OrgName>Université catholique de Louvain</OrgName>
<OrgAddress><City>Louvain-la-Neuve</City>
<Country>Belgium</Country>
</OrgAddress>
</Affiliation>
</AuthorGroup>
<Abstract ID="Abs1" Language="En"><Heading>Abstract</Heading>
<Para>We present a formal system that models programmable abstractions for access control. Composite abstractions and patterns of arbitrary complexity are modeled as a configuration of communicating subjects. The subjects in the model can express behavior that corresponds to how information and authority are propagated in capability systems.</Para>
<Para>The formalism is designed to be useful for analyzing how information and authority are confined in arbitrary configurations, but it will also be useful in the reverse sense, to calculate the necessary restrictions in a subject’s behavior when a global confinement policy is given.</Para>
<Para>We introduce a subclass of these systems we call ”saturated”, that can provide safe and tractable approximations for the safety properties in arbitrary configurations of collaborating entities.</Para>
</Abstract>
<ArticleNote Type="Misc"><SimplePara>An erratum to this chapter can be found at <ExternalRef><RefSource><Literal>http://dx.doi.org/10.1007/11580850_20</Literal>
</RefSource>
<RefTarget Address="http://dx.doi.org/10.1007/11580850_20" TargetType="URL"></RefTarget>
</ExternalRef>
.</SimplePara>
</ArticleNote>
</ChapterHeader>
<NoBody></NoBody>
</Chapter>
</Book>
</Series>
</Publisher>
</istex:document>
</istex:metadataXml>
<mods version="3.6"><titleInfo lang="en"><title>A Practical Formal Model for Safety Analysis in Capability-Based Systems</title>
</titleInfo>
<titleInfo type="alternative" contentType="CDATA" lang="en"><title>A Practical Formal Model for Safety Analysis in Capability-Based Systems</title>
</titleInfo>
<name type="personal"><namePart type="given">Fred</namePart>
<namePart type="family">Spiessens</namePart>
<affiliation>Université catholique de Louvain, Louvain-la-Neuve, Belgium</affiliation>
<affiliation>E-mail: fsp@info.ucl.ac.be</affiliation>
<role><roleTerm type="text">author</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Peter</namePart>
<namePart type="family">Van Roy</namePart>
<affiliation>Université catholique de Louvain, Louvain-la-Neuve, Belgium</affiliation>
<affiliation>E-mail: pvr@info.ucl.ac.be</affiliation>
<role><roleTerm type="text">author</roleTerm>
</role>
</name>
<typeOfResource>text</typeOfResource>
<genre type="Book Chapter">OriginalPaper</genre>
<originInfo><publisher>Springer Berlin Heidelberg</publisher>
<place><placeTerm type="text">Berlin, Heidelberg</placeTerm>
</place>
<copyrightDate encoding="w3cdtf">2005</copyrightDate>
</originInfo>
<language><languageTerm type="code" authority="rfc3066">en</languageTerm>
<languageTerm type="code" authority="iso639-2b">eng</languageTerm>
</language>
<physicalDescription><internetMediaType>text/html</internetMediaType>
</physicalDescription>
<abstract lang="en">Abstract: We present a formal system that models programmable abstractions for access control. Composite abstractions and patterns of arbitrary complexity are modeled as a configuration of communicating subjects. The subjects in the model can express behavior that corresponds to how information and authority are propagated in capability systems. The formalism is designed to be useful for analyzing how information and authority are confined in arbitrary configurations, but it will also be useful in the reverse sense, to calculate the necessary restrictions in a subject’s behavior when a global confinement policy is given. We introduce a subclass of these systems we call ”saturated”, that can provide safe and tractable approximations for the safety properties in arbitrary configurations of collaborating entities.</abstract>
<note>An erratum to this chapter can be found at http://dx.doi.org/10.1007/11580850_20 .</note>
<relatedItem type="host"><titleInfo><title>Trustworthy Global Computing</title>
<subTitle>International Symposium, TGC 2005, Edinburgh, UK, April 7-9, 2005. Revised Selected Papers</subTitle>
</titleInfo>
<name type="personal"><namePart type="given">Rocco</namePart>
<namePart type="family">De Nicola</namePart>
<affiliation>Dipartimento di Sistemi e Informatica, Università di Firenze, Italy</affiliation>
<affiliation>E-mail: denicola@dsi.unifi.it</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Davide</namePart>
<namePart type="family">Sangiorgi</namePart>
<affiliation>Università di Bologna, Italy</affiliation>
<affiliation>E-mail: Davide.Sangiorgi@cs.unibo.it</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<genre type="book series">Proceedings</genre>
<originInfo><copyrightDate encoding="w3cdtf">2005</copyrightDate>
<issuance>monographic</issuance>
</originInfo>
<subject><genre>Book Subject Collection</genre>
<topic authority="SpringerSubjectCodes" authorityURI="SUCO11645">Computer Science</topic>
</subject>
<subject><genre>Book Subject Group</genre>
<topic authority="SpringerSubjectCodes" authorityURI="I">Computer Science</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I14029">Software Engineering</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I13022">Computer Communication Networks</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I14010">Programming Techniques</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I14045">Operating Systems</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I14037">Programming Languages, Compilers, Interpreters</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I1603X">Logics and Meanings of Programs</topic>
</subject>
<identifier type="DOI">10.1007/11580850</identifier>
<identifier type="ISBN">978-3-540-30007-6</identifier>
<identifier type="eISBN">978-3-540-31483-7</identifier>
<identifier type="BookTitleID">127545</identifier>
<identifier type="BookID">978-3-540-31483-7</identifier>
<identifier type="BookChapterCount">20</identifier>
<identifier type="BookVolumeNumber">3705</identifier>
<identifier type="BookSequenceNumber">3705</identifier>
<part><date>2005</date>
<detail type="volume"><number>3705</number>
<caption>vol.</caption>
</detail>
<extent unit="pages"><start>248</start>
<end>278</end>
</extent>
</part>
<recordInfo><recordOrigin>Springer-Verlag Berlin Heidelberg, 2005</recordOrigin>
</recordInfo>
</relatedItem>
<relatedItem type="series"><titleInfo><title>Lecture Notes in Computer Science</title>
</titleInfo>
<name type="personal"><namePart type="given">David</namePart>
<namePart type="family">Hutchison</namePart>
<affiliation>Lancaster University, UK</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Takeo</namePart>
<namePart type="family">Kanade</namePart>
<affiliation>Carnegie Mellon University, Pittsburgh, PA, USA</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Josef</namePart>
<namePart type="family">Kittler</namePart>
<affiliation>University of Surrey, Guildford, UK</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Jon</namePart>
<namePart type="given">M.</namePart>
<namePart type="family">Kleinberg</namePart>
<affiliation>Cornell University, Ithaca, NY, USA</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Friedemann</namePart>
<namePart type="family">Mattern</namePart>
<affiliation>ETH Zurich, Switzerland</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">John</namePart>
<namePart type="given">C.</namePart>
<namePart type="family">Mitchell</namePart>
<affiliation>Stanford University, CA, USA</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Moni</namePart>
<namePart type="family">Naor</namePart>
<affiliation>Weizmann Institute of Science, Rehovot, Israel</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Oscar</namePart>
<namePart type="family">Nierstrasz</namePart>
<affiliation>University of Bern, Switzerland</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">C.</namePart>
<namePart type="family">Pandu Rangan</namePart>
<affiliation>Indian Institute of Technology, Madras, India</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Bernhard</namePart>
<namePart type="family">Steffen</namePart>
<affiliation>University of Dortmund, Germany</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Madhu</namePart>
<namePart type="family">Sudan</namePart>
<affiliation>Massachusetts Institute of Technology, MA, USA</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Demetri</namePart>
<namePart type="family">Terzopoulos</namePart>
<affiliation>New York University, NY, USA</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Dough</namePart>
<namePart type="family">Tygar</namePart>
<affiliation>University of California, Berkeley, CA, USA</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Moshe</namePart>
<namePart type="given">Y.</namePart>
<namePart type="family">Vardi</namePart>
<affiliation>Rice University, Houston, TX, USA</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Gerhard</namePart>
<namePart type="family">Weikum</namePart>
<affiliation>Max-Planck Institute of Computer Science, Saarbruecken, Germany</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<genre type="book series">series</genre>
<originInfo><copyrightDate encoding="w3cdtf">2005</copyrightDate>
<issuance>serial</issuance>
</originInfo>
<identifier type="ISSN">0302-9743</identifier>
<identifier type="eISSN">1611-3349</identifier>
<identifier type="SeriesID">558</identifier>
<recordInfo><recordOrigin>Springer-Verlag Berlin Heidelberg, 2005</recordOrigin>
</recordInfo>
</relatedItem>
<identifier type="istex">F67C068A61CFEA1053719ECFBBD582685E11EB9A</identifier>
<identifier type="DOI">10.1007/11580850_14</identifier>
<identifier type="ChapterID">Chap14</identifier>
<identifier type="ChapterID">14</identifier>
<accessCondition type="use and reproduction" contentType="Copyright">Springer-Verlag Berlin Heidelberg</accessCondition>
<recordInfo><recordOrigin>Springer-Verlag Berlin Heidelberg, 2005</recordOrigin>
</recordInfo>
</mods>
</metadata>
<enrichments><istex:refBibTEI uri="https://api.istex.fr/document/F67C068A61CFEA1053719ECFBBD582685E11EB9A/enrichments/refBib"><teiHeader></teiHeader>
<text><front></front>
<body></body>
<back><listBibl><biblStruct xml:id="b0"><analytic><title level="a" type="main">On the inability of an unmodified capability machine to enforce the *-property</title>
<author><persName><forename type="first">W</forename>
<forename type="middle">E</forename>
<surname>Boebert</surname>
</persName>
</author>
</analytic>
<monogr><title level="m">Proceedings of 7th</title>
<meeting>7th</meeting>
<imprint></imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b1"><monogr><title></title>
<author><persName><forename type="first">/</forename>
<surname>Dod</surname>
</persName>
</author>
<author><persName><surname>Computer Security</surname>
</persName>
</author>
<author><persName><surname>Conference</surname>
</persName>
</author>
<imprint><date type="published" when="1984-09"></date>
<biblScope unit="page" from="45" to="54"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b2"><analytic><title level="a" type="main">The transfer of information and authority in a protection system</title>
<author><persName><forename type="first">Matt</forename>
<surname>Bishop</surname>
</persName>
</author>
<author><persName><forename type="first">Lawrence</forename>
<surname>Snyder</surname>
</persName>
</author>
</analytic>
<monogr><title level="m">Proceedings of the seventh ACM symposium on Operating systems principles</title>
<meeting>the seventh ACM symposium on Operating systems principles</meeting>
<imprint><publisher>ACM Press</publisher>
<date type="published" when="1979"></date>
<biblScope unit="page" from="45" to="54"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b3"><monogr><title level="m" type="main">Programming semantics for multiprogrammed computations</title>
<author><persName><forename type="first">J</forename>
<forename type="middle">B</forename>
<surname>Dennis</surname>
</persName>
</author>
<author><persName><forename type="first">E</forename>
<forename type="middle">C</forename>
<surname>Van Horn</surname>
</persName>
</author>
<imprint><date type="published" when="1965"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b4"><monogr><title level="m" type="main">Extending the take-grant protection system</title>
<author><persName><forename type="first">Jeremy</forename>
<surname>Frank</surname>
</persName>
</author>
<author><persName><forename type="first">Matt</forename>
<surname>Bishop</surname>
</persName>
</author>
<imprint><date type="published" when="1996-12"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b5"><analytic><title level="a" type="main">The confused deputy</title>
<author><persName><forename type="first">Norm</forename>
<surname>Hardy</surname>
</persName>
</author>
</analytic>
<monogr><title level="j">ACM SIGOPS Oper. Syst. Rev</title>
<imprint><biblScope unit="volume">22</biblScope>
<biblScope unit="issue">4</biblScope>
<biblScope unit="page" from="36" to="38"></biblScope>
<date type="published" when="1989"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b6"><analytic><title level="a" type="main">The model checker spin</title>
<author><persName><forename type="first">Gerard</forename>
<forename type="middle">J</forename>
<surname>Holzmann</surname>
</persName>
</author>
</analytic>
<monogr><title level="j">IEEE Trans. Softw. Eng</title>
<imprint><biblScope unit="volume">23</biblScope>
<biblScope unit="issue">5</biblScope>
<biblScope unit="page" from="279" to="295"></biblScope>
<date type="published" when="1997"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b7"><analytic><title level="a" type="main">Protection in operating systems</title>
<author><persName><forename type="first">Michael</forename>
<forename type="middle">A</forename>
<surname>Harrison</surname>
</persName>
</author>
<author><persName><forename type="first">Walter</forename>
<forename type="middle">L</forename>
<surname>Ruzzo</surname>
</persName>
</author>
<author><persName><forename type="first">Jeffrey</forename>
<forename type="middle">D</forename>
<surname>Ullman</surname>
</persName>
</author>
</analytic>
<monogr><title level="j">Commun. ACM</title>
<imprint><biblScope unit="volume">19</biblScope>
<biblScope unit="issue">8</biblScope>
<biblScope unit="page" from="461" to="471"></biblScope>
<date type="published" when="1976"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b8"><analytic><title level="a" type="main">The protection of information in computer systems</title>
<author><persName><forename type="first">Jerome</forename>
<forename type="middle">H</forename>
<surname>Salzer</surname>
</persName>
</author>
<author><persName><forename type="first">Michael</forename>
<forename type="middle">D</forename>
<surname>Schroeder</surname>
</persName>
</author>
</analytic>
<monogr><title level="m">Fourth ACM Symposium on Operating System Principles</title>
<imprint><date type="published" when="1973-03"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b9"><monogr><title level="m" type="main">Secure Systems Development with UML</title>
<author><persName><forename type="first">Jan</forename>
<surname>Jürjens</surname>
</persName>
</author>
<imprint><date type="published" when="2005-06"></date>
<publisher>Springer</publisher>
<pubPlace>Berlin</pubPlace>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b10"><monogr><title level="m" type="main">Programming cryptographic protocols</title>
<author><persName><forename type="first">Joshua</forename>
<forename type="middle">D</forename>
<surname>Guttman</surname>
</persName>
</author>
<author><persName><forename type="first">Jonathan</forename>
<forename type="middle">C</forename>
<surname>Herzog</surname>
</persName>
</author>
<author><persName><forename type="first">John</forename>
<forename type="middle">D</forename>
</persName>
</author>
<author><persName><forename type="first">Brian</forename>
<forename type="middle">T</forename>
<surname>Sniffen</surname>
</persName>
</author>
<imprint></imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b11"><analytic><title level="a" type="main">On access checking in capabilitybased systems</title>
<author><persName><forename type="first">Richard</forename>
<forename type="middle">Y</forename>
<surname>Kain</surname>
</persName>
</author>
<author><persName><forename type="first">Carl</forename>
<forename type="middle">E</forename>
<surname>Landwehr</surname>
</persName>
</author>
</analytic>
<monogr><title level="j">IEEE Trans. Softw. Eng</title>
<imprint><biblScope unit="volume">13</biblScope>
<biblScope unit="issue">2</biblScope>
<biblScope unit="page" from="202" to="207"></biblScope>
<date type="published" when="1987"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b12"><analytic><title level="a" type="main">A linear time algorithm for deciding subject security</title>
<author><persName><forename type="first">R</forename>
<forename type="middle">J</forename>
<surname>Lipton</surname>
</persName>
</author>
<author><persName><forename type="first">L</forename>
<surname>Snyder</surname>
</persName>
</author>
</analytic>
<monogr><title level="j">J. ACM</title>
<imprint><biblScope unit="volume">24</biblScope>
<biblScope unit="issue">3</biblScope>
<biblScope unit="page" from="455" to="464"></biblScope>
<date type="published" when="1977"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b13"><analytic><title level="a" type="main">Paradigm regained: Abstraction mechanisms for access control</title>
<author><persName><forename type="first">Mark</forename>
<forename type="middle">S</forename>
<surname>Miller</surname>
</persName>
</author>
<author><persName><forename type="first">Jonathan</forename>
<surname>Shapiro</surname>
</persName>
</author>
</analytic>
<monogr><title level="m">8th Asian Computing Science Conference (ASIAN03)</title>
<imprint><date type="published" when="2003-12"></date>
<biblScope unit="page" from="224" to="242"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b14"><monogr><title level="m" type="main">E: Open source distributed capabilities</title>
<author><persName><forename type="first">Mark</forename>
<surname>Miller</surname>
</persName>
</author>
<author><persName><forename type="first">Marc</forename>
<surname>Stiegler</surname>
</persName>
</author>
<author><persName><forename type="first">Tyler</forename>
<surname>Close</surname>
</persName>
</author>
<author><persName><forename type="first">Bill</forename>
<surname>Frantz</surname>
</persName>
</author>
<author><persName><forename type="first">Ka-Ping</forename>
<surname>Yee</surname>
</persName>
</author>
<author><persName><forename type="first">Chip</forename>
<surname>Morningstar</surname>
</persName>
</author>
<author><persName><forename type="first">Jonathan</forename>
<surname>Shapiro</surname>
</persName>
</author>
<author><persName><forename type="first">Norm</forename>
<surname>Hardy</surname>
</persName>
</author>
<author><persName><forename type="first">E</forename>
<forename type="middle">Dean</forename>
<surname>Tribble</surname>
</persName>
</author>
<author><persName><forename type="first">Doug</forename>
<surname>Barnes</surname>
</persName>
</author>
<author><persName><forename type="first">Dan</forename>
<surname>Bornstien</surname>
</persName>
</author>
<author><persName><forename type="first">Bryce</forename>
<surname>Wilcox-O 'hearn</surname>
</persName>
</author>
<author><persName><forename type="first">Terry</forename>
<surname>Stanley</surname>
</persName>
</author>
<imprint><date type="published" when="2001"></date>
<publisher>Kevin Reid, and Darius Bacon</publisher>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b15"><analytic><title level="a" type="main">The structure of authority: Why security is not a separable concern</title>
<author><persName><forename type="first">Mark</forename>
<forename type="middle">S</forename>
<surname>Miller</surname>
</persName>
</author>
<author><persName><forename type="first">Jonathan</forename>
<forename type="middle">S</forename>
<surname>Tulloh</surname>
</persName>
</author>
<author><persName><surname>Shapiro</surname>
</persName>
</author>
</analytic>
<monogr><title level="m">Multiparadigm Programming in Mozart/Oz: Proceedings of MOZ 2004</title>
<imprint><publisher>Springer-Verlag</publisher>
<date type="published" when="2005"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b16"><analytic><title level="a" type="main">Temporal concurrent constraint programming: denotation, logic and applications</title>
<author><persName><forename type="first">Mogens</forename>
<surname>Nielsen</surname>
</persName>
</author>
<author><persName><forename type="first">Catuscia</forename>
<surname>Palamidessi</surname>
</persName>
</author>
<author><persName><forename type="first">Frank</forename>
<forename type="middle">D</forename>
<surname>Valencia</surname>
</persName>
</author>
</analytic>
<monogr><title level="j">Nordic J. of Computing</title>
<imprint><biblScope unit="volume">9</biblScope>
<biblScope unit="issue">2</biblScope>
<biblScope unit="page" from="145" to="188"></biblScope>
<date type="published" when="2002"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b17"><analytic><title level="a" type="main">The reachability propagator</title>
<author><persName><forename type="first">Luis</forename>
<surname>Quesada</surname>
</persName>
</author>
<author><persName><forename type="first">Peter</forename>
<surname>Van Roy</surname>
</persName>
</author>
<author><persName><forename type="first">Yves</forename>
<surname>Deville</surname>
</persName>
</author>
</analytic>
<monogr><title level="m">Research Report INFO-2005-07</title>
<meeting><address><addrLine>Louvain-la-Neuve, Belgium</addrLine>
</address>
</meeting>
<imprint><date type="published" when="2005"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b18"><monogr><title level="m" type="main">Escape from mutlithreaded hell. concurrency in the language</title>
<author><persName><forename type="first">Stefan</forename>
<surname>Reich</surname>
</persName>
</author>
<imprint><date type="published" when="2003-03"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b19"><monogr><title level="m" type="main">Concurrent Constraint Programming</title>
<author><persName><forename type="first">Vijay</forename>
<forename type="middle">A</forename>
<surname>Saraswat</surname>
</persName>
</author>
<imprint><date type="published" when="1993"></date>
<publisher>MIT Press</publisher>
<pubPlace>Cambridge , MA</pubPlace>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b20"><analytic><title level="a" type="main">Default timed concurrent constraint programming</title>
<author><persName><forename type="first">Vijay</forename>
<forename type="middle">A</forename>
<surname>Saraswat</surname>
</persName>
</author>
<author><persName><forename type="first">Radha</forename>
<surname>Jagadeesan</surname>
</persName>
</author>
<author><persName><forename type="first">Vineet</forename>
<surname>Gupta</surname>
</persName>
</author>
</analytic>
<monogr><title level="m">POPL '95: Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages</title>
<meeting><address><addrLine>New York, NY, USA</addrLine>
</address>
</meeting>
<imprint><publisher>ACM Press</publisher>
<date type="published" when="1995"></date>
<biblScope unit="page" from="272" to="285"></biblScope>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b21"><monogr><title level="m" type="main">Authority Reduction in Protection Systems</title>
<author><persName><forename type="first">Fred</forename>
<surname>Spiessens</surname>
</persName>
</author>
<author><persName><forename type="first">Mark</forename>
<surname>Miller</surname>
</persName>
</author>
<author><persName><forename type="first">Peter</forename>
<surname>Van Roy</surname>
</persName>
</author>
<author><persName><forename type="first">Jonathan</forename>
<surname>Shapiro</surname>
</persName>
</author>
<imprint><date type="published" when="2004"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b22"><analytic><title level="a" type="main">The Oz-E project: Design guidelines for a secure multiparadigm programming language</title>
<author><persName><forename type="first">Fred</forename>
<surname>Spiessens</surname>
</persName>
</author>
<author><persName><forename type="first">Peter</forename>
<surname>Van Roy</surname>
</persName>
</author>
</analytic>
<monogr><title level="m">Extended Proceedings of the Second International Conference</title>
<imprint><publisher>Springer-Verlag</publisher>
<date type="published" when="2004"></date>
</imprint>
</monogr>
</biblStruct>
<biblStruct xml:id="b23"><monogr><title level="m" type="main">A practical formal model for safety analysis in Capability-Based systems To be published in Lecture Notes in Computer Science</title>
<author><persName><forename type="first">Fred</forename>
<surname>Spiessens</surname>
</persName>
</author>
<author><persName><forename type="first">Peter</forename>
<surname>Van Roy</surname>
</persName>
</author>
<imprint><date type="published" when="2005"></date>
<publisher>Springer-Verlag</publisher>
</imprint>
</monogr>
</biblStruct>
</listBibl>
</back>
</text>
</istex:refBibTEI>
</enrichments>
</istex>
</record>

Pour manipuler ce document sous Unix (Dilib)

EXPLOR_STEP=$WICRI_ROOT/Wicri/Musique/explor/MozartV1/Data/Istex/Corpus

HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000E56 | SxmlIndent | more

HfdSelect -h $EXPLOR_AREA/Data/Istex/Corpus/biblio.hfd -nk 000E56 | SxmlIndent | more

Pour mettre un lien sur cette page dans le réseau Wicri

{{Explor lien
   |wiki=    Wicri/Musique
   |area=    MozartV1
   |flux=    Istex
   |étape=   Corpus
   |type=    RBID
   |clé=     ISTEX:F67C068A61CFEA1053719ECFBBD582685E11EB9A
   |texte=   A Practical Formal Model for Safety Analysis in Capability-Based Systems
}}

This area was generated with Dilib version V0.6.20.
Data generation: Sun Apr 10 15:06:14 2016. Site generation: Tue Feb 7 15:40:35 2023

	Serveur d'exploration sur Mozart
	Attention, ce site est en cours de développement ! Attention, site généré par des moyens informatiques à partir de corpus bruts. Les informations ne sont donc pas validées.

Serveur d'exploration sur Mozart

A Practical Formal Model for Safety Analysis in Capability-Based Systems

A Practical Formal Model for Safety Analysis in Capability-Based Systems

Source :

Abstract

Links to Exploration step

Le document en format XML

Pour manipuler ce document sous Unix (Dilib)

Pour mettre un lien sur cette page dans le réseau Wicri