Emerging security requirements |
| |
| Authors: | Harold Lorin |
| |
| Affiliation: | IBM Systems Research Institute, 205 East 42nd Street, New York, NY 10017, USA |
| |
| Abstract: | Interest in the security of information systems has increased partly because of evolving systems maturity, and partly in response to dramatic intrusions into major systems. These have included intrusions by amateur ‘hackers’ which, although embarrassing have caused no substantial damage. Intrusions from employees are far more damaging but have not been widely publicized. The paper describes the US government's security policy and its implications for private organizations. A security policy is basic to the concept of security and defines the manner in which an information system can access and manipulate data. Protection mechanisms which enforce security policies are discussed. Mandatory and discretionary policies which form a particular security policy are outlined. The characteristics of a formal security model are also defined, and the design of a secure operating system is discussed. The present status of information systems security is outlined. |
| |
| Keywords: | information networks security mandatory security policy discretionary security policy secure operating system |
| 本文献已被 ScienceDirect 等数据库收录! |
|
