Chapter 6: Integrity Policies

•      Overview

•      Requirements

•      Biba’s models

•      Clark-Wilson model

Overview

•      Requirements

–   Very different than confidentiality policies

•      Biba’s model

•      Clark-Wilson model

Requirements of Policies

•              Users will not write their own programs, but will use existing production programs and databases.

•              Programmers will develop and test programs on a non-production system; if they need access to actual data, they will be given production data via a special process, but will use it on their development system.

•              A special process must be followed to install a program from the development system onto the production system.

•              The special process in requirement 3 must be controlled and audited.

•              The managers and auditors must have access to both the system state and the system logs that are generated.