Abstract

A framework for the specification of security policies is proposed. It can used to formally specify confidentiality and integrity policies, the latter can be given in terms of Clark-Wilson style access triples. The tiamework extends the Clark-Wilson model in that it can be used to specify dynamic segregation of duty.