论文信息 - Secure Database Development and the Clark-Wilson Security Model

Secure Database Development and the Clark-Wilson Security Model

Information systems are vulnerable to accidental or malicious attacks. Security models for commercial computer systems exist, but information systems security is often ignored or added at or after implementation. The paper explores common security models, and their relevance to databases. It demonstrates how security-relevant concepts can be extracted during a conventional database development. Keyword: Databases, security models, access control, development methods

Régine Laleau | Xiaocheng Ge | Fiona A. C. Polack

[1] Jan Jürjens,et al. Towards Development of Secure Systems Using UMLsec , 2001, FASE.

[2] Theodore M. P. Lee,et al. Using mandatory integrity to enforce 'commercial' security , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[3] Frédéric Cuppens,et al. A Logical Formalization of Integrity Policies for Database Management Systems , 1998, IICIS.

[4] David D. Clark,et al. A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[5] Ramez Elmasri,et al. Fundamentals of Database Systems , 1989 .

[6] Edward Amoroso,et al. Report of an integrity research study group , 1993, Comput. Secur..

[7] Simon N. Foley. The specification and implementation of “commercial” security requirements including dynamic segregation of duties , 1997, CCS '97.

[8] Edward G. Amoroso,et al. Fundamentals of computer security technology , 1994 .

[9] Jan Jürjens,et al. UMLsec: Extending UML for Secure Systems Development , 2002, UML.

[10] Régine Laleau,et al. Secure Databases: An Analysis of Clark-Wilson Model in a Database Environment , 2004, CAiSE.