Abstract
Security policies define who may use what information in a computer system. Protection mechanisms are built into a system to enforce security policies. In most systems, however, it is quite unclear what policies a mechanism can or does enforce.
This paper defines security policies and protection mechanisms precisely and bridges the gap between them with the concept of soundness: whether a protection mechanism enforces a policy. Different sound protection mechanisms for the same policy can then be compared. We also show that the “union” of mechanisms for the same program produces a more “complete” mechanism. Although a “maximal” mechanism exists, it cannot necessarily be constructed.
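The abstract's vocabulary (a policy, a mechanism, soundness of a mechanism for a policy, comparison of mechanisms, and the union of two mechanisms) can be made concrete with a small executable model. The code below is an added illustration written for this page, not the paper's own formalism: the program, the policy predicate, the guard predicates, the finite input domain and the `VIOLATION` sentinel are all constructed assumptions, chosen only to make the relationships between the terms checkable.

```python
"""Toy model of security policies and protection mechanisms.

Assumed formalisation (not the paper's own definitions):
  - a program maps an input to an output;
  - a policy says, per input, whether the program's result may be released;
  - a mechanism wraps the program and either releases its result or returns
    the VIOLATION sentinel instead;
  - a mechanism is sound for a policy if every value it releases is the
    program's own result on an input the policy permits;
  - mechanism A is at least as complete as B if A releases on every input B does;
  - the union of two mechanisms releases whenever either of them does.
"""
from typing import Callable, Iterable, Set

VIOLATION = object()  # sentinel: the mechanism refused to release a result

Program = Callable[[int], int]
Policy = Callable[[int], bool]
Mechanism = Callable[[int], object]


def program(x: int) -> int:
    """Constructed sample program: doubles its input."""
    return x * 2


def policy(x: int) -> bool:
    """Constructed sample policy: results may be released only for 0 <= x < 100."""
    return 0 <= x < 100


def make_mechanism(prog: Program, guard: Policy) -> Mechanism:
    """Build a mechanism that releases prog(x) only where the guard holds."""
    def mech(x: int) -> object:
        return prog(x) if guard(x) else VIOLATION
    return mech


def is_sound(mech: Mechanism, prog: Program, pol: Policy, domain: Iterable[int]) -> bool:
    """True if, over the finite domain, every released value is permitted by the
    policy and equals the program's output (no forged or leaked results)."""
    for x in domain:
        out = mech(x)
        if out is VIOLATION:
            continue
        if not pol(x) or out != prog(x):
            return False
    return True


def releases(mech: Mechanism, domain: Iterable[int]) -> Set[int]:
    """The set of inputs on which the mechanism releases a result."""
    return {x for x in domain if mech(x) is not VIOLATION}


def at_least_as_complete(a: Mechanism, b: Mechanism, domain: Iterable[int]) -> bool:
    """Comparison of mechanisms: a releases everywhere b does."""
    return releases(a, domain) >= releases(b, domain)


def union(m1: Mechanism, m2: Mechanism) -> Mechanism:
    """Release whenever either mechanism would; refuse only when both refuse."""
    def mech(x: int) -> object:
        out = m1(x)
        return out if out is not VIOLATION else m2(x)
    return mech


# Constructed finite domain and three mechanisms for the same program.
DOMAIN = range(-5, 105)
M_A = make_mechanism(program, lambda x: 0 <= x < 10)       # sound, releases 10 inputs
M_B = make_mechanism(program, lambda x: 50 <= x < 60)      # sound, releases 10 others
M_LEAKY = make_mechanism(program, lambda x: x < 100)       # unsound: releases negatives
M_UNION = union(M_A, M_B)


def summary() -> dict:
    """Collect the checks so they can be inspected or asserted on."""
    return {
        "a_sound": is_sound(M_A, program, policy, DOMAIN),
        "b_sound": is_sound(M_B, program, policy, DOMAIN),
        "leaky_sound": is_sound(M_LEAKY, program, policy, DOMAIN),
        "union_sound": is_sound(M_UNION, program, policy, DOMAIN),
        "union_releases": len(releases(M_UNION, DOMAIN)),
        "union_dominates_a": at_least_as_complete(M_UNION, M_A, DOMAIN),
        "a_dominates_union": at_least_as_complete(M_A, M_UNION, DOMAIN),
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value}")
```

Two points the model makes visible: soundness is a property of a mechanism relative to a policy, so the same wrapper can be sound for one policy and unsound for another, and the union of two sound mechanisms stays sound while releasing on the union of their inputs, which is the sense in which it is "more complete" than either. The model is over a finite domain precisely because, as the abstract notes, a maximal mechanism need not be constructible in general.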