Information Systems Security: Scope, State-of-the-art, and Evaluation of Techniques

Different techniques have been proposed and implemented so far to achieve a certain degree of information systems security. The aim of this paper is to form a basis for their evaluation and comparison. For this purpose, a general framework of security is established by defining its scope, the most common threats against security, and two different kinds of comparison and evaluation criteria. The first is a set of requirements on the secrecy and confidentiality of information, while the second consists of several structural requirements that we believe are essential for a successful and powerful security technique. Our evaluation includes the Discretionary Models, the Mandatory Models, the Personal Knowledge Approach, the Chinese Wall Policy, and the Clark and Wilson model of security.
