Report of an integrity research study group

This paper describes issues and results obtained in the context of an integrity research study group. A specification and modeling taxonomy is shown to provide a framework for the group's integrity discussions and investigations. In particular, the Clark-Wilson model and its relation to external integrity requirements comprised the primary focus of our work. The details of the specification and modeling taxonomy are explained, and several issues and recommendations are proposed including the notion of a primary CDI as an extension to the Clark-Wilson model. The implications of these issues and recommendations are examined in the context of database systems. Several concluding remarks and suggestions for future work are also presented.

[1]  R.W. Baldwin,et al.  Naming and grouping privileges to simplify security management in large databases , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[2]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[3]  Dorothy E. Denning,et al.  The SeaView Security Model , 1990, IEEE Trans. Software Eng..

[4]  Theodore M. P. Lee,et al.  Using mandatory integrity to enforce 'commercial' security , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[5]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .