3Wittbold J T and Johnson D M. Information flow in nondeterministic systems[C]. In: Proc. IEEE Symp. on Security and Privacy, 1990,144-161.
4Goguen J A and Meseguer J. Security policies and security models [C]. Int Proc. IEEE Syrup. on Security and Privacy, 1982,11-20.
5McCullough D. A hookup theorem for multilevel security [J].IEEE Transaction on Software Engineering, April, 1995, 16(6) :563-568.
6Denning D E. A lattice model of secure information flow [J].ACM Comm, May, 1976, 236-243.
7Sandhu R S and Samarati P. Access control: principles and practice [J]. IEEE Communications Magazine, 1994, 40- 48.
8Bell D E and LaPadula L J. Secure computer system: mathematical foundation and model, Miter Corp [R]. Report No. M74-244, Bedford, Mass , 1975. (NTIS Report No. AD-271543. ).
9Gray J W. Toward a mathematical foundation for information flow security[C]. In: Proc. IEEE Symp. on Security and Privacy, 1991, 21-34.
10McCullough D. Noninterference and the composability of security properties [C]. In: Proc. IEEE Symp. on Security and Privacy,1988, 177-186.
