与内容相关的安全策略的规范

ACM '83 Pub Date : 1900-01-01 DOI:10.1145/800173.809719
D. Spooner
{"title":"与内容相关的安全策略的规范","authors":"D. Spooner","doi":"10.1145/800173.809719","DOIUrl":null,"url":null,"abstract":"The protection of information from unauthorized disclosure is an important consideration for the designers of any large multiuser computer system. A general purpose database management system often requires the enforcement of content-dependent security policies in which a decision to allow access must be based on the value of the data itself. Several authors ([Har76], [Sto76], [Gri76], [Sum77], [Min78], [Spo83], and others) have proposed mechanisms for implementing content-dependent security policies. Few authors, however, have investigated the properties of models for the specification of such policies.\n This paper identifies several problems created by inadequate models for the specification of content-dependent security policies. If a specification model is too liberal in the types of policies it can express, it may provide an increased opportunity for compromise of data. If the specification model is too conservative, it cannot express many desirable policies. Thus a flexible model which will allow a compromise between these two extremes is needed for specifying content-dependent policies. Such a model is proposed here.","PeriodicalId":306306,"journal":{"name":"ACM '83","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Specification of content-dependent security policies\",\"authors\":\"D. Spooner\",\"doi\":\"10.1145/800173.809719\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The protection of information from unauthorized disclosure is an important consideration for the designers of any large multiuser computer system. A general purpose database management system often requires the enforcement of content-dependent security policies in which a decision to allow access must be based on the value of the data itself. Several authors ([Har76], [Sto76], [Gri76], [Sum77], [Min78], [Spo83], and others) have proposed mechanisms for implementing content-dependent security policies. Few authors, however, have investigated the properties of models for the specification of such policies.\\n This paper identifies several problems created by inadequate models for the specification of content-dependent security policies. If a specification model is too liberal in the types of policies it can express, it may provide an increased opportunity for compromise of data. If the specification model is too conservative, it cannot express many desirable policies. Thus a flexible model which will allow a compromise between these two extremes is needed for specifying content-dependent policies. Such a model is proposed here.\",\"PeriodicalId\":306306,\"journal\":{\"name\":\"ACM '83\",\"volume\":\"35 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM '83\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/800173.809719\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM '83","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/800173.809719","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

保护信息免受未经授权的泄露是任何大型多用户计算机系统设计人员的重要考虑因素。通用数据库管理系统通常需要实施与内容相关的安全策略,其中允许访问的决策必须基于数据本身的价值。一些作者([Har76], [Sto76], [Gri76], [Sum77], [Min78], [Spo83]等)提出了实现依赖于内容的安全策略的机制。然而,很少有作者研究了用于此类策略规范的模型的属性。本文确定了由于内容相关安全策略规范的模型不充分而产生的几个问题。如果规范模型在可以表达的策略类型方面过于自由,则可能会增加数据泄露的机会。如果规范模型过于保守,它就不能表达许多理想的策略。因此,在指定依赖于内容的策略时,需要一个灵活的模型,允许在这两个极端之间进行折衷。本文提出了这样一个模型。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Specification of content-dependent security policies
The protection of information from unauthorized disclosure is an important consideration for the designers of any large multiuser computer system. A general purpose database management system often requires the enforcement of content-dependent security policies in which a decision to allow access must be based on the value of the data itself. Several authors ([Har76], [Sto76], [Gri76], [Sum77], [Min78], [Spo83], and others) have proposed mechanisms for implementing content-dependent security policies. Few authors, however, have investigated the properties of models for the specification of such policies. This paper identifies several problems created by inadequate models for the specification of content-dependent security policies. If a specification model is too liberal in the types of policies it can express, it may provide an increased opportunity for compromise of data. If the specification model is too conservative, it cannot express many desirable policies. Thus a flexible model which will allow a compromise between these two extremes is needed for specifying content-dependent policies. Such a model is proposed here.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Optical storage of page images and pictorial data - opportunities and needed advances in information retrieval Office automation and the changing definition of the workplace Why Ada is not just another programming language Session M4: Women in the workplace Network protocol: A structured approach
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1