| Popis: |
The authors give a generalization of the definition of security for state machines given by D. Sutherland (Proc. 9th Nat. Comput. Security Conf., Sept. 1986). The generalization allows the security levels of inputs and outputs to be assigned dynamically. Its aim is merely to say what it means to infer high-level information from low-level information when the definitions of what is high and low can change. Although the generalization supports the modeling of thins like login and reclassification, it does not give any guidance about how to do login or reclassification correctly. It merely allows such procedures to be represented; this cannot be done in a straightforward way with previous models. > |
