by Ravi Sandhu
Proc. of the Invitational Workshop on Data Integrity, (Ruthberg, Z.G. and Polk, W.T., editors), National Institute of Standards and Technology, Special Publication 500-168, September 1989, section A.4
http://www.list.gmu.edu/confrnc/misconf/pdf_ver/wipcis89.pdf
Add To MetaCart
Abstract:
Abstract. In response to the strawman document [9] we propose that trust be treated as synonymous with integrity rather than synonymous with con dence. We also propose that mandatory controls be taken to mean controls based on properties of the object and/or the subject. Label-based mandatory controls are then a special case of this more general notion. The TCSEC [11] presents criteria for establishing prescribed levels of con dence in trusted systems with particular objectives. We consider how these criteria might be generalized to a broader context. Finally regarding architectures for trusted systems we suggest enhancements to the current security kernel approach. 1
Citations
|
394
|
Secure computer systems: Unified exposition and MULTICS interpretation
– Bell, LaPadula
- 1976
|
|
335
|
The protection of information in computer systems
– Saltzer, Schroeder
- 1975
|
|
329
|
A lattice model of secure information flow
– Denning
- 1976
|
|
284
|
Wilson:A Comparison of Commercial and Military Computer Security Policies
– Clark, David
- 1987
|
|
215
|
On Protection in Operating Systems
– Harrison, Ruzzo, et al.
- 1975
|
|
101
|
A Practical Alternative to Hierarchical Integrity Policies
– Boebert, Kain
- 1985
|
|
79
|
Building a Secure Computer System
– Gasser
- 1988
|
|
64
|
Transaction control expressions for separation of duties
– Sandhu
- 1988
|
|
49
|
The schematic protection model: Its definition and analysis for acyclic attenuating schemes
– Sandhu
- 1988
|
|
40
|
The algebra of security
– McLean
- 1988
|
|
40
|
Protection in the Hydra Operating System
– Cohen, Jefferson
- 1975
|
|
39
|
Secure computer systems: Uni ed exposition and MULTICS interpretation
– Bell, LaPadula
- 1976
|
|
28
|
The Schematic Protection Model: Its De nition and Analysis for Acyclic Attenuating Schemes
– Sandhu
- 1988
|
|
25
|
Using mandatory integrity to enforce \commercial" security
– Lee
- 1988
|
|
23
|
Security Kernel Design and Implementation: An Introduction.” Computer 16(7):14-22
– Ames, Gasser, et al.
- 1983
|
|
22
|
Operating System Structures to Support Security and Reliable
– Linden
- 1976
|
|
20
|
Expressive power of the schematic protection model
– Sandhu
- 1992
|
|
17
|
Monotonic Protection Systems
– Harrison, Ruzzo
- 1978
|
|
16
|
The best available technologies for computer security
– Landwehr
- 1983
|
|
15
|
Scomp: A solution to multilevel security problem
– Fraim
- 1983
|
|
15
|
The NTree: A two dimension partial order for protection groups
– Sandhu
- 1988
|
|
14
|
A Model for Verification of Data Security in Operating Systems
– Popek, Farber
- 1978
|
|
13
|
Using mandatory integrity to enforce "commercial" security
– Lee
- 1988
|
|
13
|
The Source of Authority for Commercial Access Control
– Moffett, Sloman
- 1988
|
|
8
|
The source of authority for commercial access control
– ett, D, et al.
- 1988
|
|
6
|
Je erson, D. \Protection in the Hydra Operating System
– Cohen
- 1975
|
|
6
|
Some Informal Comments About Integrity and the Integrity Workshop
– Courtney, H
- 1989
|
|
6
|
Some Owner Based Schemes with Dynamic Groups
– Sandhu, Share
- 1986
|
|
5
|
Comments on the Integrity Model
– Clark, Wilson
- 1989
|
|
4
|
Secure ADA Target
– Boebert, Kain, et al.
- 1985
|
|
2
|
Evolution of a Model for Computer Integrity." These proceedings
– Clark, Wilson
- 1988
|
|
2
|
On the Use of Mandatory." Position
– Murray
|
|
2
|
A Summary and
– Parker, Neumann
|
|
2
|
A Model for Veri cation of Data Security in Operating Systems
– Popek, Farber
- 1978
|
