The enforcement of security policies for computation
- 1 November 1975
- journal article
- conference paper
- Published by Association for Computing Machinery (ACM) in ACM SIGOPS Operating Systems Review
- Vol. 9 (5) , 197-206
- https://doi.org/10.1145/1067629.806538
Abstract
Security policies define who may use what information in a computer system. Protection mechanisms are built into a system to enforce security policies. In most systems, however, it is quite unclear what policies a mechanism can or does enforce. This paper defines security policies and protection mechanisms precisely and bridges the gap between them with the concept of soundness: whether a protection mechanism enforces a policy. Different sound protection mechanisms for the same policy can then be compared. We also show that the “union” of mechanisms for the same program produces a more “complete” mechanism. Although a “maximal” mechanism exists, it cannot necessarily be constructed.Keywords
This publication has 5 references indexed in Scilit:
- HYDRACommunications of the ACM, 1974
- Memoryless subsystemsThe Computer Journal, 1974
- Verifiable secure operating system softwarePublished by Association for Computing Machinery (ACM) ,1974
- A note on the confinement problemCommunications of the ACM, 1973
- A technique for software module specification with examplesCommunications of the ACM, 1972