Abstract
A framework for the specification of security policies is proposed. It can used to formally specify confidentiality and integrity policies, the letter can be given in terms of Clark-Wilson style access triples. The framework extends the Clark-Wilson model in that it can used to specify dynamic segregation of duty. For application systems where security is critical, a multilevel security based approach is defined. Security policies for less critical applications can be implemented using standard Unix based systems. Both implementation strategies are based on the standard protection mechanisms that are provided by the respective systems.
Cite
CITATION STYLE
Foley, S. N. (1997). Specification and implementation of `commercial’ security requirements including dynamic segregation of duties. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 125–134). ACM. https://doi.org/10.1145/266420.266447
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
