Lattice-Based Access Control Models
Computer
Enriching the Expressive Power of Security Labels
IEEE Transactions on Knowledge and Data Engineering
Collecting Garbage in Multilevel Secure Object Stores
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Security controls in the ADEPT-50 time-sharing system
AFIPS '69 (Fall) Proceedings of the November 18-20, 1969, fall joint computer conference
Hi-index | 0.00 |
In the proposed mandatory access control model, arbitrary label changing policies can be expressed. The relatively simple model can capture a wide variety of security policies, including high-water marks, downgrading, separation of duties, and Chinese Walls. The model forms the basis for a tiered approach to the formal development of secure systems, whereby security verification can be spread across what makes up the reference monitor and the security requirement specification. The advantage of this approach is that once a trusted computing base (TCB) is in place, reconfiguring it for different security requirements requires verification of just the new requirements. We illustrate the approach with a number of examples, including one policy that permits high-level subjects to make relabeling requests on low-level objects; the policy is multilevel secure.