Abstract

Abstract Within a programmed system, we may distinguish between different kinds of information in order to control the use of each kind by separate security policies, where each policy is tailored to the sensitivity and desired dissemination of that one kind of information. This paper analyses the implications of implementing security policies and describes mechanisms which can be used as the basis for constructing operating systems with the desired security attributes.