Computer access control policy choices

Computer access control policy choices

This paper provides a guide—a road map—for refining a high-level information dissemination/control policy into an implementable access control policy. This process involves determining the appropriate set of policy-oriented limitations and can take place at many levels, from a top-level corporate de...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computers & security 1990-12, Vol.9 (8), p.699-714
Hauptverfasser: Olson, Ingrid M., Abrams, Marshall D.
Format: Artikel
Sprache:eng
Schlagworte:
Access control
Access control policy
Authority
Characteristics
Choices
Cybersecurity
Generalized Framework for Access Control
Hierarchy of control
Information control
Information dissemination
Policy
Security management
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:This paper provides a guide—a road map—for refining a high-level information dissemination/control policy into an implementable access control policy. This process involves determining the appropriate set of policy-oriented limitations and can take place at many levels, from a top-level corporate decision to a hardware implementation choice. The paper discusses many of the choices that need to be made in the process and some of the implications of making each decision. A discussion of the Generalized Framework for Access Control (GFAC), an ongoing research effort, presents a framework and new perspective for describing access controls. Discretionary Access Control and Mandatory Access Control are described within the GFAC framework, and two examples are given showing how changing some of the policy choices can represent a different policy which may meet a different set of access control requirements.
ISSN:0167-4048
1872-6208
DOI:10.1016/0167-4048(90)90113-8