Modeling nondisclosure in terms of the subject-instruction stream

Abstract

A formal definition is given of nondisclosure for a computing system and the author describes a functional decomposition of the system into two kinds of activities, namely, the selection and execution of subject instructions. Security requirements for each of the two resulting subsystems are given, and it is proved that, if each subsystem satisfies its security requirements, then the entire system satisfies the given nondisclosure property. Finally, in order to show how security can be enforced by the system, an access-control model is given for subject-instruction processing that guarantees satisfaction of the given security requirements for subject-instruction processing.<>