blk@mitre.org (Brian L. Kahn) (12/06/90)
I work in the field of computer security (compusec), also known as information security (infosec). There is about 10 years of literature in this community based on a notion of a "reference monitor", a small but omnipresent watchdog that enforces some access control policy. The reference monitor must OK any access to a data object by a subject, based upon permissions and rights attached to all subjects and objects.

It is difficult to apply many of the concepts from this traditional (old-fashioned? archaic? 8-) view of system architecture to OOP. This is unfortunate because OOP has much to offer the infosec world, a domain which prizes any improvements in functional assurance, life cycle maintenance, requirements tracing, and perhaps formal modelling.

Can anyone give me references to papers on infosec or access control in OOP? How about formal models (based in mathematics) for OOPLs?

ADthanksVANCE,
--
B< Brian Kahn blk@security.mitre.org "may the farce be with you"
dlw@odi.com (Dan Weinreb) (12/07/90)
In article <BLK.90Dec5131625@vanity.mitre.org> blk@mitre.org (Brian L. Kahn) writes:
> Can anyone give me references to papers on infosec or access control
> in OOP?
I recommend that you look into the literature on "capability
architectures". In particular, the Hydra project at CMU is a good
example of an object-oriented system. The trick is that they do not
use the terminology "object-oriented" or the other familiar jargon
(e.g. "method"), perhaps because those words were not in the common
vocabulary at that time. Nevertheless, it's clear that what's going
on in Hydra shows an interesting connection between object-oriented
programming and computer security.
wellerd@ajpo.sei.cmu.edu (David Weller) (12/08/90)
In article <BLK.90Dec5131625@vanity.mitre.org> blk@mitre.org (Brian L. Kahn) writes:
> [background stuff...]
>
>It is difficult to apply many of the concepts from this traditional
>(old-fashioned? archaic? 8-) view of system architecture to OOP. This
>is unfortunate because OOP has much to offer the infosec world, a
>domain which prizes any improvements in functional assurance, life
>cycle maintenance, requirements tracing, and perhaps formal modelling.
>
>Can anyone give me references to papers on infosec or access control
>in OOP? How about formal models (based in mathematics) for OOPLs?
>

Yes. Although focused on Object-Oriented Database Systems, this article provides some interesting security perspectives and a decent bibliography (OBVIOUSLY an Ed Berard protege :-). It can be found in JOOP (Mar/April 1990), pp. 18-25. "Security in Object-Oriented Database Systems." By M.B. Thuraisingham.

>ADthanksVANCE,

RETRwelcomeEAT :-)

>
>--
>B< Brian Kahn blk@security.mitre.org "may the farce be with you"
                                       ^^^^^^^^^^^^^^^^^^^^^^^^^
                                       "Lucky me."

Dave Weller             | * This message void where prohibited by law.
Computer Sciences Corp. | * Batteries not included. Member FDIC.
LISP Disclaimer: (car (cdr ('Useless Comment 'Catchy Phrase)))
pcg@cs.aber.ac.uk (Piercarlo Grandi) (12/09/90)
On 5 Dec 90 18:16:25 GMT, blk@mitre.org (Brian L. Kahn) said:

blk> I work in the field of computer security (compusec), also known as
blk> information security (infosec). There is about 10 years of literature
blk> in this community based on a notion of a "reference monitor", a small
blk> but omnipresent watchdog that enforces some access control policy.
blk> The reference monitor must OK any access to a data object by a
blk> subject, based upon permissions and rights attached to all subjects
blk> and objects.

[ ... ]

blk> Can anyone give me references to papers on infosec or access control
blk> in OOP? How about formal models (based in mathematics) for OOPLs?

Well, actually, under the name of "capability system" OO has been *the* thing in infosec systems for quite a long time.

I would suggest having a look at some IEEE Comp. issue of old, on secure systems -- I don't remember the year, but I think it was early eighties. I especially recommend any paper about SCOMP.

SCOMP is an OO capability highly secure system, the only one to have so far achieved (publicly) the A1 rating. It is implemented as an hw reference monitor implementing secure objects in a Honeywell mini, and works as a sophisticated OO MMU.

There are loads of formal models for OOP secure systems. Just start with any book on capability architectures, and you are on the right track.

--
Piercarlo Grandi                   | ARPA: pcg%uk.ac.aber.cs@nsfnet-relay.ac.uk
Dept of CS, UCW Aberystwyth        | UUCP: ...!mcsun!ukc!aber-cs!pcg
Penglais, Aberystwyth SY23 3BZ, UK | INET: pcg@cs.aber.ac.uk
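
Added illustration, not part of any post in this thread and not code from Hydra or SCOMP: a minimal sketch of the two models the thread contrasts, a reference monitor that checks rights attached to each (subject, object) pair and a capability that is an object reference carrying its own rights. All class and variable names are hypothetical, and Python does not make references unforgeable, which a real capability system must enforce in the kernel or hardware.

```python
class AccessDenied(Exception):
    pass

class ReferenceMonitor:
    """Central watchdog: every access names a subject and an object and is
    checked against the rights attached to that (subject, object) pair."""
    def __init__(self, objects, acl):
        self._objects = objects      # object name -> data
        self._acl = acl              # (subject, object name) -> set of rights

    def access(self, subject, name, right, value=None):
        if right not in self._acl.get((subject, name), set()):
            raise AccessDenied(f"{subject} may not {right} {name}")
        if right == "write":
            self._objects[name] = value
        return self._objects[name]

class Capability:
    """Object reference that carries its own rights. Holding it is the
    authorisation; no subject identity is looked up at use time."""
    def __init__(self, store, name, rights):
        self._store, self._name, self._rights = store, name, frozenset(rights)

    def invoke(self, right, value=None):
        if right not in self._rights:
            raise AccessDenied(f"capability lacks {right} on {self._name}")
        if right == "write":
            self._store[self._name] = value
        return self._store[self._name]

    def attenuate(self, rights):
        # A holder can hand on fewer rights, never more (intersection only).
        return Capability(self._store, self._name, self._rights & set(rights))

def denied(call, *args):
    """Return True if the call is refused, False if it goes through."""
    try:
        call(*args)
        return False
    except AccessDenied:
        return True

# Constructed sample data.
store = {"payroll": "v1"}
monitor = ReferenceMonitor(store, {("alice", "payroll"): {"read", "write"},
                                   ("bob", "payroll"): {"read"}})
full_cap = Capability(store, "payroll", {"read", "write"})
read_cap = full_cap.attenuate({"read"})   # what a holder might delegate
```

In the monitor the policy lives in one table keyed by subject; in the capability model it travels with the reference, which is why delegation is done by attenuating and passing the object rather than by editing a central list.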