Proceedings of the 4th ACM conference on Computer and communications security
Dynamic label binding at run-time
Proceedings of the 2003 workshop on New security paradigms
Direct static enforcement of high-level security policies
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
On mutually exclusive roles and separation-of-duty
ACM Transactions on Information and System Security (TISSEC)
Unified support for heterogeneous security policies in distributed systems
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Access control models and security labelling
ACSC '07 Proceedings of the thirtieth Australasian conference on Computer science - Volume 62
| Hi-index | 0.00 |
In the proposed mandatory access control model, arbitrary label changing policies can be expressed. The relatively simple model can capture a wide variety of security policies, including high-water marks, downgrading, separation of duties, and Chinese Walls. The model forms the basis for a tiered approach to the formal development of secure systems, whereby security verification can be spread across what makes up the reference monitor and the security requirement specification. The advantage of this approach is that once a trusted computing base (TCB) is in place, reconfiguring it for different security requirements requires verification of just the new requirements. We illustrate the approach with a number of examples, including one policy that permits high-level subjects to make relabeling requests on low-level objects; the policy is multilevel secure.