Abstract
To be generally useful a theory must be both theoretically sound and practically applicable. We consider the noninterference approach to security specification, focusing in particular on Roscoe's work on nondeterminism. This provides a starting point for reflecting on what features are desirable in a development method for secure systems. In an attempt to meet at least some of these requirements we use action systems which combine both event and state-based specification approaches. Using Butler's correspondence between action systems and CSP we define determinism and security properties directly in action systems. We give examples of the action system approach and discuss its advantages and disadvantages.
Get full access to this article
View all access options for this article.