The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

A New Approach to the Specification of Computer Security Poilicies

Author

Ivan Krsul, Eugene Spafford, Tugkan Tuglular

Entry type

techreport

Date

1997

Institution

COAST Laboratory

Key alpha

krsul

Affiliation

Purdue University

Publication Date

0000-00-00

Contents

Abstract 1. Introduction 2. Notation 3. Definitions of Policies 4. Proposed Model 5. Modeling Existing Policies 5.1 Mandatory Access Control 5.2 Discretionary Access Control5.3 Lattice Structure 5.4 Information Flow 5.5 Integrity 5.6 Identification and Authentication 6. Modeling Policies for COTS Systems 6.1 The use of games during business hours 6.2 Stock Market Operations 6.3 File access restriction in Java 7. Modeling Policies that Incorporate the Notion of Time 8. Future Work 8.1 Development of a Comprehensive Library of Policy Functions 8.2 Limited Policy Violation Prevention 9. Conclusions References

Language

English

Location

A hard-copy of this is in the CERIAS Library

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.