Abstract description of a
policy or class of policies
•Focus on points of
interest in policies
–Security levels in multilevel security models
–Separation of duty in Clark-Wilson model
–Conflict of interest in Chinese Wall model
Types of Security Policies
•Military
(governmental) security policy
–Policy primarily protecting
confidentiality
•Commercial
security policy
–Policy primarily protecting
integrity
•Confidentiality
policy
–Policy protecting only
confidentiality
•Integrity
policy
–Policy protecting only integrity
Integrity and Transactions
•Begin in consistent state
–“Consistent” defined by specification
•Perform series of actions
(transaction)
–Actions cannot be interrupted
–If actions complete, system in consistent state
–If actions do not complete, system reverts to beginning
(consistent) state
No comments:
Post a Comment