Publication | Closed Access
A Comparison of Commercial and Military Computer Security Policies
1.1K
Citations
3
References
1987
Year
Unknown Venue
Information Security ManagementEngineeringData IntegrityInformation SecurityInformation AssuranceData PrivacySecuritySecurity EvaluationComputer ScienceLattice ModelSecurity MeasurementDisclosureData ManagementComputer Security ModelData Security
Computer security discussions focus on disclosure control, yet for business data processing the primary concern is data integrity, especially under DoD criteria for classified information. The paper presents a policy for data integrity based on commercial data processing practices and compares the mechanisms needed for this policy with those required to enforce the lattice model for information security. The authors compare the mechanisms required for a commercial data integrity policy with those required to enforce the lattice model for information security. They argue that a lattice model alone is insufficient for integrity policies and that distinct mechanisms are required to control disclosure and ensure integrity.
Most discussions of computer security focus on control of disclosure. In Particular, the U.S. Department of Defense has developed a set of criteria for computer mechanisms to provide control of classified information. However, for that core of data processing concerned with business operation and control of assets, the primary security concern is data integrity. This paper presents a policy for data integrity based on commercial data processing practices, and compares the mechanisms needed for this policy with the mechanisms needed to enforce the lattice model for information security. We argue that a lattice model is not sufficient to characterize integrity policies, and that distinct mechanisms are needed to Control disclosure and to provide integrity.
| Year | Citations | |
|---|---|---|
Page 1
Page 1