Computer access control policy choices

This paper provides a guide, a road map, for refining a high-level information dissemination/control policy into an implementable access control policy. This process involves determining the appropriate set of policy-oriented limitations and can take place at many levels, from a top-level corporate decision to a hardware implementation choice. The paper discusses many of the choices that need to be made in the process and some of the implications of making each decision. A discussion of the Generalized Framework for Access Control (GFAC), an ongoing research effort, presents a framework and new perspective for describing access controls. Discretionary Access Control and Mandatory Access Control are described within the GFAC framework, and two examples are given showing how changing some of the policy choices can represent a different policy which may meet a different set of access control requirements.
