A 'new' security policy model

Abstract

A model of security is presented which integrates notions of confidentiality and integrity. This model has been developed to fulfil the needs of the RSRE SMITE project because existing modeling approaches proved to be inadequate. The authors introduce the model and subsequently compare and contrast it with existing approaches. Both an inductive confidentiality property and a noninductive integrity property have been modeled. To successfully utilize the second property, the authors have used an approach whereby the noninductiveness is absent in the model, but appears in proof obligations on refinement.<>