Position: "insider" is relative
A security policy defines "security" for a given site or set of sites. Most security policies provide for trusted users to whom the policy either does not apply or to whom some parts of the policy do not apply. For example, in a traditional Bell-LaPadula model with strong tranquility, labels of entities do not change. In practice, this is too restrictive, so a trusted user (the site security officer) is allowed to set and change labels. Indeed, in their demonstration that Multics satisfies the model [1], Bell and LaPadula explicitly defined trusted users as subjects against whom the *-property is not enforced. The users are trusted not to violate that property.
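A toy reference monitor for the arrangement described above, as an added example that is not from the paper. The levels, subject names and object names are constructed, the label lattice is reduced to a linear order, and `append` stands in for the write access that the *-property governs; the monitor records every decision that held only because the subject was trusted.

```python
from dataclasses import dataclass

# Constructed linear lattice; real Bell-LaPadula labels also carry category sets.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass(frozen=True)
class Subject:
    name: str
    level: str
    trusted: bool = False  # trusted: the *-property is not enforced against it

class Monitor:
    def __init__(self, labels):
        self.labels = dict(labels)  # object name -> level
        self.audit = []             # (subject, operation, object) allowed by trust alone

    def read(self, s, obj):
        # Simple security property (no read up); enforced for every subject.
        return LEVELS[s.level] >= LEVELS[self.labels[obj]]

    def append(self, s, obj):
        # *-property (no write down); skipped for trusted subjects.
        write_down = LEVELS[s.level] > LEVELS[self.labels[obj]]
        if write_down and s.trusted:
            self.audit.append((s.name, "append", obj))
        return s.trusted or not write_down

    def relabel(self, s, obj, new_level):
        # Strong tranquility: labels never change, except through a trusted user.
        if not s.trusted:
            return False
        self.audit.append((s.name, "relabel", obj))
        self.labels[obj] = new_level
        return True

def demo():
    m = Monitor({"war_plan": "secret", "press_release": "unclassified"})
    analyst = Subject("analyst", "secret")
    sso = Subject("sso", "secret", trusted=True)  # site security officer
    results = {
        "analyst_write_down": m.append(analyst, "press_release"),
        "sso_write_down": m.append(sso, "press_release"),
        "analyst_relabel": m.relabel(analyst, "war_plan", "unclassified"),
        "sso_relabel": m.relabel(sso, "war_plan", "unclassified"),
    }
    visitor = Subject("visitor", "unclassified")
    results["visitor_reads_after_relabel"] = m.read(visitor, "war_plan")
    return results, m.audit

if __name__ == "__main__":
    print(demo())
```

The audit list holds exactly the operations the model itself does not constrain, which makes it the natural place to focus review of trusted-user activity.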
[1] D. Elliott Bell, et al. Secure Computer System: Unified Exposition and Multics Interpretation, 1976.
[2] Karl N. Levitt, et al. Execution monitoring of security-critical programs in distributed systems: a specification-based approach, 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).
[3] Elliott I. Organick, et al. The multics system: an examination of its structure, 1972.