Applying Automated Theorem Proving to Computer Security
Abstract
While more and more data is stored and accessed electronically, better access control methods need to be implemented for computer security. Formal modelling and analysis have been successfully used in certain areas of computer systems, such as verifying the security properties of cryptographic and authentication protocols. However, formal models for computer systems in cyberspace, like networks, have hardly advanced. A highly regarded graduate textbook cites the Take-Grant model created in 1977 as one of the "current" examples of security modelling and analysis techniques. This model is rarely used in practice though. This research implements the Take-Grant Protection model's four de jure rules and Can Share predicate in the Prototype Verification System (PVS) which automates model checking and theorem proving. This facilitates the ability to test a given Take-Grant model against many systems which are modelled using digraphs. Two models, one with error checking and one without, are created to implement take-grant rules. The first model that does not have error checking incorporated requires manual error checking. The second model uses recursion to allow for the error checking. The Can Share theorem requires further development.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 01, 2008
- Accession Number
- ADA482816
Entities
People
- Kelly Mcelroy
Organizations
- Air Force Institute of Technology