By Topic

High-assurance synthesis of security services from basic microservices

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Sung Kim ; Dept. of Comput. Sci., Texas Univ., Richardson, TX, USA ; F. B. Bastani ; I-Ling Yen ; Ing-Ray Chen

Computer systems are vulnerable to many different types of threats ranging from harmless mistakes in data entries to malicious attacks by computer hackers. Furthermore, the explosive growth of the Internet has introduced very sophisticated ways of compromising any computer system. Consequently, a great deal of time and effort has been spent on achieving computer network security. Most of the efforts to deal with computer security have emphasized the network security aspect (i.e., the focus so far has been on intruders from outside the system). However, there also exists a significant threat from "enemies within", e.g. attacks due to malicious code embedded in the software. Whether it is intentional or not, there are many software bugs that can potentially be the source of the information misusages. One approach for dealing with this issue is to certify component security and deduce system security from its components. The advantage of this method is that it is much simpler to validate a small component as compared with a large monolithic software system. In this paper, we define a general process that allows the system security to be decomposed into orthogonal aspects so that it is possible to rigorously certify the security of a system. The approach is illustrated for the security service for an e-mail application.

Published in:

Software Reliability Engineering, 2003. ISSRE 2003. 14th International Symposium on

Date of Conference:

17-20 Nov. 2003