Title :
A case-study of security policy for manual and automated systems
Author :
Sibley, Edgar H. ; Michael, James B. ; Sandhu, Ravi S.
Author_Institution :
Dept. of Inf. & Software Syst. Eng., George Mason Univ., Fairfax, VA, USA
Abstract :
It is argued that predisposed assumptions in security policy models can leave holes in the security aspects of the information systems that are based on them. In particular, information systems based only on the Bell-LaPadula model (D.E. Bell and L.J. LaPadula, 1976) pose potential problems by allowing new threats to be built in them because the policies are incomplete. A comparison of manual and automated systems is used to demonstrate the derivation of the Bell-LaPadula star-property for automated systems and its analog for manual systems. This exercise aids in producing a policy model based on needs and a perspective on the limitations of classical security policy models
Keywords :
data privacy; security of data; Bell-LaPadula model; Bell-LaPadula star-property; automated systems; information systems; manual systems; predisposed assumptions; security policy models; Books; Context modeling; Data security; Humans; Information security; Information systems; Operating systems; Permission; Software systems; Systems engineering and theory;
Conference_Titel :
Computer Assurance, 1991. COMPASS '91, Systems Integrity, Software Safety and Process Security. Proceedings of the Sixth Annual Conference on
Conference_Location :
Gaithersburg, MD
Print_ISBN :
0-7803-0126-9
DOI :
10.1109/CMPASS.1991.161040