Access control policies: Some unanswered questions
Discretionary access control policies are not so simple as most assume, especially in light of the requirements in the Trusted Computer System Evaluation Criteria for group authorizations and specific denial of authorizations at the higher evaluation classes. Many interpretations of these requirements can be made. We investigate the possible interpretations of specific denial of authorization and also how to reconcile conflicting user and group authorizations and denials. We discuss several alternatives for implementing such policies for complex systems, such as database systems.