Secure information flow using security groups

Secure information flow using security groups

A new model and approach for secure information flow are described. The model is driven by a lattice-based information flow policy which describes the permitted dissemination of information in the system. System entities are allowed to handle different classes of information from the flow policy, an...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
1. Verfasser: Foley, S.N.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Access control
Data security
Information security
Lattices
Multilevel systems
Tail
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A new model and approach for secure information flow are described. The model is driven by a lattice-based information flow policy which describes the permitted dissemination of information in the system. System entities are allowed to handle different classes of information from the flow policy, and information is permitted to flow between entities as long as the flow policy is not violated. With this conceptually simple notion of security it is possible to describe many interesting security policies, for example, multilevel policies, aggregation policies, and Chinese walls. Details of how secure systems based on the model can be implemented in practice are given. Attention is also given to how other types of security policies, such as integrity and separation of duty, can be defined in terms of lattice-based policies.< >
DOI:10.1109/CSFW.1990.128186