IEEE Transactions on Software Engineering

Issue 2 • Feb. 1987

  • IEEE Transactions on Software Engineering - Table of contents

    Publication Year: 1987, Page(s): c1
  • IEEE Computer Society

    Publication Year: 1987, Page(s): c2
  • Guest Editors' Note

    Publication Year: 1987, Page(s):125 - 128
  • Views for Multilevel Database Security

    Publication Year: 1987, Page(s):129 - 140
    Cited by:  Papers (9)  |  Patents (16)

    Because views on relational database systems mathematically define arbitrary sets of stored and derived data, they have been proposed as a way of handling context- and content-dependent classification, dynamic classification, inference, aggregation, and sanitization in multilevel database systems. This paper describes basic view concepts for a multilevel-secure relational database model that addres...

  • Extending the Noninterference Version of MLS for SAT

    Publication Year: 1987, Page(s):141 - 150
    Cited by:  Papers (30)  |  Patents (4)

    A noninterference formulation of MLS applicable to the Secure Ada® Target (SAT) Abstract Model is developed. An analogous formulation is developed to handle the SAT type enforcement policy. Unwinding theorems are presented for both MLS and Multidomain Security (MDS) and the SAT Abstract Model is shown to satisfy both MLS and MDS. Generalizations and extensions are also considered.

  • Muse—A Computer Assisted Verification System

    Publication Year: 1987, Page(s):151 - 156
    Cited by:  Papers (2)

    Muse is a verification system which extends the collection of tools developed by SRI International for their Hierarchical Development Methodology (HDM). It enhances the SRI system by providing a capability for proving invariants and constraints for the state machine described by a specification written in SPECIAL (the specification language of HDM). In particular, it enables one to use the HDM sys...

  • An Experience Using Two Covert Channel Analysis Techniques on a Real System Design

    Publication Year: 1987, Page(s):157 - 168
    Cited by:  Papers (7)

    This paper examines the application of two covert channel analysis techniques to a high level design for a real system, the Honeywell Secure Ada® Target (SAT). The techniques used were a version of the noninterference model of multilevel security due to Goguen and Meseguer and the shared resource matrix method of Kemmerer. Both techniques were applied to the Gypsy Abstract Model of the SAT. T...

  • A New Security Testing Method and Its Application to the Secure Xenix Kernel

    Publication Year: 1987, Page(s):169 - 183
    Cited by:  Papers (5)

    A new security testing method is proposed that combines the advantages of both traditional "black box" (monolithic functional) testing and "white box" (functional-synthesis-based) testing. The new method allows significant coverage both for security model-based tests and for individual kernel-call tests. It eliminates redundant kernel test cases 1) by using a variant of control synthesis graphs, 2...

  • Towards a Formal Basis for the Formal Development Method and the Ina Jo Specification Language

    Publication Year: 1987, Page(s):184 - 201
    Cited by:  Papers (2)

    In carrying out SDC's Formal Development Method, one writes a specification of a system under design in the Ina Jo™ specification language and proves that the specification meets the requirements of the system. This paper develops an abstract machine model of what is specified by a level specification in an Ina Jo specification. It describes the state as defined by the front matter, computat...

  • On Access Checking in Capability-Based Systems

    Publication Year: 1987, Page(s):202 - 207
    Cited by:  Papers (10)  |  Patents (1)

    Public descriptions of capability-based system designs often do not clarify the necessary details concerning the propagation of access rights within the systems. A casual reader may assume that it is adequate for capabilities to be passed in accordance with the rules for data copying. A system using such a rule cannot enforce either the military security policy or the Bell and LaPadula rules. The ...

  • Design and Implementation of Secure Xenix

    Publication Year: 1987, Page(s):208 - 221
    Cited by:  Papers (16)  |  Patents (2)

    Secure Xenix™ is an experimental system designed to run on IBM PC/AT workstations. Like Xenix, it is a Unix™ System V implementation on the PC/AT workstation; unlike Xenix, it eliminates the Unix security deficiencies and it enhances security policies. In this paper, we present the design features of Secure Xenix, their integration within Xenix, and some of the lessons learned from thi...

  • An Intrusion-Detection Model

    Publication Year: 1987, Page(s):222 - 232
    Cited by:  Papers (934)  |  Patents (114)

    A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage. The model includes profiles for representing the behavior of subjects with respect to objects...

  • Factors Affecting Distributed System Security

    Publication Year: 1987, Page(s):233 - 248
    Cited by:  Papers (3)

    Recent work examining distributed system security requirements is critiqued. A notion of trust based on distributed system topology and distributed system node evaluation levels proposed in that work is shown to be deficient. The notion fails to make allowances for the distributed system physical security environment, security factors related to the management of distributed systems by more than ...

  • Controls for Interorganization Networks

    Publication Year: 1987, Page(s):249 - 261
    Cited by:  Papers (17)  |  Patents (2)

    Interorganization computer networks support person-to-person communication via electronic mail; exchange of CAD/CAM data, software modules, or documents via file transfer; input to an order-entry or accounting system via a database query and update protocol; and use of shared computational resources via an asynchronous message protocol or remote login. In most such interorganization arrangements, ...

  • Cycle Structure of the DES for Keys Having Palindromic (or Antipalindromic) Sequences of Round Keys

    Publication Year: 1987, Page(s):262 - 273
    Cited by:  Papers (9)

    Certain DES keys have been called weak or semiweak based upon the number of distinct round keys which they produce. For the weak keys, all 16 round keys are identical and encryption is the same as decryption. For the semiweak keys, there are only two distinct round keys but no specific weakness of the DES with these keys has been demonstrated.

  • The Interrogator: Protocol Security Analysis

    Publication Year: 1987, Page(s):274 - 288
    Cited by:  Papers (35)

    The Interrogator is a Prolog program that searches for security vulnerabilities in network protocols for automatic cryptographic key distribution. Given a formal specification of the protocol, it looks for message modification attacks that defeat the protocol objective. It is still under development, but it has been able to rediscover a known vulnerability in a published protocol. It is implement...

  • Matching Secrets in the Absence of a Continuously Available Trusted Authority

    Publication Year: 1987, Page(s):289 - 292

    The problem of authentication of mutually suspicious parties is one that is becoming more and more important with the proliferation of distributed systems. In this paper we describe a protocol, based on the difficulty of finding discrete logarithms over finite fields, by which users can verify whether they have matching credentials without revealing their credentials to each other unless there is ...

  • Covert Channels in LAN's

    Publication Year: 1987, Page(s):292 - 296
    Cited by:  Papers (82)  |  Patents (2)

    An information transfer path that allows information to be transferred in a manner that violates the security policy of a trusted network is called a covert channel.

  • 9th Annual International Conference on Software Engineering

    Publication Year: 1987, Page(s): 296
  • IEEE Computer Society Publications

    Publication Year: 1987, Page(s): 296-e
  • Call for Papers

    Publication Year: 1987, Page(s): 296

Aims & Scope

The IEEE Transactions on Software Engineering is interested in well-defined theoretical results and empirical studies that have potential impact on the construction, analysis, or management of software. The scope of this Transactions ranges from the mechanisms through the development of principles to the application of those principles to specific environments. Specific topic areas include: a) development and maintenance methods and models, e.g., techniques and principles for the specification, design, and implementation of software systems, including notations and process models; b) assessment methods, e.g., software tests and validation, reliability models, test and diagnosis procedures, software redundancy and design for error control, and the measurements and evaluation of various aspects of the process and product; c) software project management, e.g., productivity factors, cost models, schedule and organizational issues, standards; d) tools and environments, e.g., specific tools, integrated tool environments including the associated architectures, databases, and parallel and distributed processing issues; e) system issues, e.g., hardware-software trade-off; and f) state-of-the-art surveys that provide a synthesis and comprehensive review of the historical development of one particular area of interest.

Meet Our Editors

Editor-in-Chief
Matthew B. Dwyer
Dept. Computer Science and Engineering
256 Avery Hall
University of Nebraska-Lincoln
Lincoln, NE 68588-0115 USA
tse-eic@computer.org