Title :
On security policy modeling
Author :
Freeman, J.W. ; Neely, R.B.
Author_Institution :
CTA Inc., Colorado Springs, CO, USA
Abstract :
An important element in the development of a secure system at the B2 level of assurance or higher is the production of a formal security policy model. The authors provide some observations regarding an issue within the modeling process, particularly at the A1 level of assurance. The issue is that of ensuring an effective focus for the security policy modeling effort as that effort proceeds through the requirements and architectural design phases of a system development process. This is important because how a development approach addresses the modeling process will affect the understanding of the formal policy model as well as its relationship to the security design of the system. A modeling approach is outlined that directly supports each of the observations and validates them based on experience obtained via recent secure system development projects
Keywords :
DP management; security of data; A1 assurance level; B2 assurance level; architectural design phase; formal security policy model; modeling process; requirements phase; secure system development projects; security design; system development process; Application software; Artificial intelligence; Computer security; Guidelines; Information resources; Information security; Mathematical model; Production systems; Protection; Springs;
Conference_Titel :
Computer Assurance, 1993. COMPASS '93, Practical Paths to Assurance. Proceedings of the Eighth Annual Conference on
Conference_Location :
Gaithersburg, MD
Print_ISBN :
0-7803-1251-1
DOI :
10.1109/CMPASS.1993.288857
