Verification: create |
Require
ModelProperties.
Require
AuxiliaryLemmas.
Section
createIsSecure.
|
Lemma
CreatePSS:
(s,t:SFSstate; u:SUBJECT)
(FuncPre1 s)
->(FuncPre2 s)
->(FuncPre3 s)
->(SecureState s)->(TransFunc u s Create t)->(SecureState t).
Intros s t Sub FP1 FP2 FP3 SS TF; Inversion TF.
Inversion H.
BreakSS .
Unfold SecureState.
Split.
Unfold DACSecureState; Simpl.
Intros.
Cut (Cases (fsecmat (secmat s) o) of
(Some y) => (set_In u0 (ActReaders y))->(PreDACRead s u0 o)
| None => True
end)
/\(Cases (fsecmat (secmat s) o) of
(Some y) => (set_In u0 (ActWriters y))->(PreDACWrite s u0 o)
| None => True
end).
Elim (fsecmat (secmat s) o).
Unfold PreDACRead PreDACWrite create_acl; Simpl.
Elim (fsecmat (secmat s) (MyDir p)); Elim (fSSC (subjectSC s) Sub).
Elim (OBJNAMEeq_dec p (ObjName o)).
Intro y.
Rewrite y.
Replace (facl (acl s) o) with (None AccessCtrlListData).
Intros.
Elim H8; Intros.
Split; Intro.
Tauto.
Tauto.
Rewrite y in H2.
Rewrite y in H4.
Symmetry.
Unfold facl.
Apply NotInDOMIsUndef.
Auto.
Intro y.
Replace (facl
(set_add ACLeq_dec
((NEWFILE p),
(acldata Sub (primaryGrp s Sub)
(ChangeUserR Sub (empty_set SUBJECT)
(ownerp perms))
(ChangeGroupR (AllGrp s) (groupp perms)
(ChangeGroupR (primaryGrp s Sub) (groupp perms)
(empty_set GRPNAME)))
(ChangeUserW Sub (empty_set SUBJECT)
(ownerp perms))
(ChangeGroupW (AllGrp s) (groupp perms)
(ChangeGroupW (primaryGrp s Sub) (groupp perms)
(empty_set GRPNAME)))
(cons Sub (nil SUBJECT))
(cons (RootGrp s) (nil GRPNAME)))) (acl s)) o)
with (facl (acl s) o).
Auto.
Unfold facl; Apply AddEq.
Unfold NEWFILE.
Intro.
Apply y.
Rewrite H8.
Simpl.
Auto.
Auto.
Auto.
Auto.
Tauto.
Unfold DACSecureState in DAC.
Split.
Apply ReadWriteImpRead; Auto.
Apply ReadWriteImpWrite; Auto.
Unfold SimpleSecurity; Simpl; Intros.
Elim (OBJNAMEeq_dec p (ObjName o)).
Intro y.
Rewrite y.
Replace (fsecmat (secmat s) o) with (None ReadersWriters).
Replace (fOSC (objectSC s) o) with (None SecClass).
Elim (fSSC (subjectSC s) u0);
Elim (fOSC (create_oSC s Sub (ObjName o)) o);
Contradiction Orelse Auto.
Symmetry.
Unfold fOSC; Apply NotInDOMIsUndef.
Replace (DOM OBJeq_dec (objectSC s)) with (DOM OBJeq_dec (acl s)).
Rewrite y in H2; Rewrite y in H4; Auto.
Symmetry; Unfold fsecmat; Apply NotInDOMIsUndef.
Cut ~(set_In o (DOM OBJeq_dec (acl s))).
Unfold not.
Intros SI1 SI2; Apply SI1.
Unfold FuncPre3 in FP3.
Unfold Included in FP3.
Auto.
Rewrite y in H2; Rewrite y in H4; Auto.
Intro y.
Replace (fOSC (create_oSC s Sub p) o) with (fOSC (objectSC s) o).
Unfold SimpleSecurity in MAC; Apply MAC.
Auto.
Qed
.
|
Lemma
CreatePSP:
(s,t:SFSstate; u:SUBJECT)
(FuncPre1 s)
->(FuncPre2 s)
->(FuncPre3 s)
->(StarProperty s)->(TransFunc u s Create t)->(StarProperty t).
Intros s t Sub FP1 FP2 FP3 SP TF; Inversion TF.
Inversion H.
Unfold StarProperty; Simpl; Intros u0 o1 o2.
Elim (OBJNAMEeq_dec p (ObjName o1));
Elim (OBJNAMEeq_dec p (ObjName o2)).
Intros y y0.
Replace (fsecmat (secmat s) o1) with (None ReadersWriters).
Elim (fsecmat (secmat s) o2); Elim (fsecmat (secmat s) o1);
Elim (fOSC (create_oSC s Sub p) o2);
Elim (fOSC (create_oSC s Sub p) o1); Trivial.
EAuto.
Intros y y0.
Replace (fsecmat (secmat s) o1) with (None ReadersWriters).
Elim (fsecmat (secmat s) o2); Elim (fOSC (create_oSC s Sub p) o2);
Elim (fOSC (create_oSC s Sub p) o1); Trivial.
EAuto.
Intros y y0.
Replace (fsecmat (secmat s) o2) with (None ReadersWriters).
Elim (fsecmat (secmat s) o1); Elim (fOSC (create_oSC s Sub p) o2);
Elim (fOSC (create_oSC s Sub p) o1); Trivial.
EAuto.
Intros y y0.
Replace (fOSC (create_oSC s Sub p) o1) with (fOSC (objectSC s) o1).
Replace (fOSC (create_oSC s Sub p) o2) with (fOSC (objectSC s) o2).
Unfold StarProperty in SP; Apply SP.
Auto.
Auto.
Qed
.
|
Lemma
CreatePCP:
(s,t:SFSstate)
(FuncPre1 s)
->(FuncPre2 s)
->(PreservesControlProp s Create t).
Intros s t FP1 FP2; Unfold PreservesControlProp; Intros Sub TF;
Inversion TF; Unfold ControlProperty.
Inversion H.
Split.
Intros.
Split.
Intro.
Inversion H8.
Simpl in H10.
Elim (OBJNAMEeq_dec p (ObjName o)).
Intro.
Cut (facl (acl s) o)=(None AccessCtrlListData).
Intro.
Rewrite H12 in H9.
Discriminate H9.
Unfold facl; Apply NotInDOMIsUndef.
Rewrite a in H2; Rewrite a in H4; Auto.
Intro.
Cut y=z.
Intro.
Cut False.
Tauto.
Rewrite H12 in H11; Inversion H11; Auto.
Cut (facl (acl s) o)=(facl (create_acl s Sub p perms) o).
Intro EQ; Rewrite <- EQ in H10; Rewrite H10 in H9; Injection H9; Auto.
Auto.
Simpl in H10.
Elim (OBJNAMEeq_dec p (ObjName o)).
Intro.
Cut (facl (acl s) o)=(None AccessCtrlListData).
Intro.
Rewrite H12 in H9.
Discriminate H9.
Unfold facl; Apply NotInDOMIsUndef.
Rewrite a in H2; Rewrite a in H4; Auto.
Intro.
Cut y=z.
Intro.
Cut False.
Tauto.
Rewrite H12 in H11; Inversion H11; Auto.
Cut (facl (acl s) o)=(facl (create_acl s Sub p perms) o).
Intro EQ; Rewrite <- EQ in H10; Rewrite H10 in H9; Injection H9; Auto.
Auto.
Intro.
Inversion H8.
Simpl in H10.
Elim (OBJNAMEeq_dec p (ObjName o)).
Intro.
Cut (fOSC (objectSC s) o)=(None SecClass).
Intro.
Rewrite H12 in H9; Discriminate H9.
Unfold fOSC; Apply NotInDOMIsUndef.
Replace (DOM OBJeq_dec (objectSC s)) with (DOM OBJeq_dec (acl s)).
Rewrite a in H2; Rewrite a in H4; Auto.
Auto.
Intro.
Cut x=y.
Intro.
Cut False.
Tauto.
Rewrite H12 in H11; Inversion H11; Auto.
Cut (fOSC (objectSC s) o)=(fOSC (create_oSC s Sub p) o).
Intro EQ; Rewrite <- EQ in H10; Rewrite H10 in H9; Injection H9; Auto.
Auto.
Intros;
Absurd (MACSubCtrlAttrHaveChanged s
(mkSFS (groups s) (primaryGrp s) (subjectSC s) (AllGrp s)
(RootGrp s) (SecAdmGrp s) (create_oSC s Sub p)
(create_acl s Sub p perms) (secmat s) (create_files Sub p)
(create_directories Sub p)) u0); Auto.
Qed
.
End
createIsSecure.
Hints
Resolve CreatePSS CreatePSP CreatePCP.