Title :
Implementation of a capabilities knowledge base for data integrity
Author :
Shimp, James E. ; Filsinger, J.
Author_Institution :
E-Systems, St. Petersburg, FL, USA
Abstract :
The authors describe an implementation of an integrity-supporting discretionary access control mechanism-the capabilities knowledge base (CKB)-as an extension to the Clark and Wilson model (1987). They advocate using the audit trail to the fullest extent possible, not as just a passive collection of system events, but also as an active resource for solving the division-of-tasks problem that results from separation of duty. They emphasize that CKB can enforce the separation of duty as described in the Clark and Wilson model and therefore adds a measure of protection to information against unauthorized modification. This use of a knowledge base implementation is perceived as the only viable technical solution to the division-of-tasks problem. A high-level design for a CKB in support of data integrity is presented. The current implementation of CKB provides the functionality to import audit events and capability requests to the inferencing mechanism
Keywords :
data integrity; expert systems; knowledge based systems; safety systems; security of data; CKB; Clark and Wilson model; audit events; audit trail; capabilities knowledge base; capability requests; data integrity; division-of-tasks problem; inferencing mechanism; information protection; integrity-supporting discretionary access control; separation of duty; unauthorized modification; Certification; Protection; Read only memory;
Conference_Titel :
Southeastcon '89. Proceedings. Energy and Information Technologies in the Southeast., IEEE
Conference_Location :
Columbia, SC
DOI :
10.1109/SECON.1989.132375
