Corpus ID: 6159984


Author: Ravi S. Sandhu
In response to the strawman document [9] we propose that trust be treated as synonymous with integrity rather than synonymous with confidence. We also propose that mandatory controls be taken to mean controls based on properties of the object and/or the subject. Label-based mandatory controls are then a special case of this more general notion. The TCSEC [11] presents criteria for establishing prescribed levels of confidence in trusted systems with particular objectives. We consider how these…

Systematic control and management of data integrity

An architecture for comprehensive integrity control systems is presented, which has its basis on data validation and metadata management and an integrity control policy language is provided that is flexible and intuitive.

On Five Definitions of Data Integrity

This paper compares definitions of data integrity, shows how they can be ordered in an increasingly restrictive sequence, and argues that Biba's concept of integrity as one-directional information flow in a lattice is more restrictive than the previous three.

The data integrity problem and multi-layered document integrity

A formal model for the more general notion of data integrity is introduced by providing a formal problem semantics for its sub-problems: detection, location, correction, and prevention.

Process execution controls as a mechanism to ensure consistency

  • E. Bacic
  • Computer Science
    [1989 Proceedings] Fifth Annual Computer Security Applications Conference
  • 1989
A mechanism for ensuring that the changes to a system and its data occur in a consistent manner is presented and offers the capability of containing viruses within a given domain.

Authorization Model for Strongly Distributed Information Systems

The thesis proposes a formal framework, based on the process algebra Calculus of Communicating Systems (CCS), for modeling and analyzing security properties of WfMS, and identifies levels of access control and authorization requirements.

Towards a model of storage jamming

It is found that Unity logic, in conjunction with some high-level operators, models storage jamming in a natural way and allows us to reason about susceptibility, rate of jamming, and impact on persistent values.

Safety analysis for the extended schematic protection model

  • P. Ammann, R. Sandhu
  • Business
    Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy
  • 1991
It is shown that, despite its equivalence to HRU, ESPM retains a tractable safety analysis for a large class of protection schemes that are of practical interest.

Storage Jamming

Mandatory Controls for Database Integrity

This paper outlines a position on what is meant by the two key terms, mandatory controls and data integrity, and suggests avenues of research to develop a better understanding of these issues.

A Comparison of Commercial and Military Computer Security Policies

It is argued that a lattice model is not sufficient to characterize integrity policies, and that distinct mechanisms are needed to control disclosure and to provide integrity.

A model for verification of data security in operating systems

A precise definition of data security is developed here in terms of a general model for operating systems that is suitable as a basis for verifying many of those properties of an operating system which are necessary to assure reliable enforcement of security.

The Best Available Technologies for Computer Security

Past experience is summarized to guide developers on how to develop computer systems that can be trusted to enforce military security rules.

Protection in operating systems

A model of protection mechanisms in computing systems is presented and its appropriateness is argued; it can be shown that this problem is decidable, i.e. there is an algorithm to determine whether a system in a particular configuration is safe.

The protection of information in computer systems

This tutorial paper explores the mechanics of protecting computer-stored information from unauthorized use or modification by examining in depth the principles of modern protection architectures and the relation between capability systems and access control list systems.

The source of authority for commercial access control

The authors discuss the need for protection in commercial organizations, and the way in which control principles have met this need, despite having evolved before computer systems came into use. The

Secure Ada Target: Issues, System Design, and Verification

The Secure Ada Target (SAT) machine is designed to meet or exceed the DoD requirements for multi-level secure systems by introducing tagged objects, and a specialized tagged object processor (TOP) that handles all operations involving tagged objects.

Protection in the Hydra Operating System

This paper describes the capability based protection mechanisms provided by the Hydra Operating System Kernel. These mechanisms support the construction of user-defined protected subsystems,

A lattice model of secure information flow

The model provides a unifying view of all systems that restrict information flow, enables a classification of them according to security objectives, and suggests some new approaches to formulating the requirements of secure information flow among security classes.

Secure Computer System: Unified Exposition and Multics Interpretation

A suggestive interpretation of the model in the context of Multics and a discussion of several other important topics (such as communications paths, sabotage and integrity) conclude the report.