Skip to Main Content
One of the major threats that an enterprise information system networks are facing today is the internal threat. In this paper we develop a formal network access control model as per ISO/IEC security evaluation criteria - common criteria to provide a formal framework for implementing an Internal threat protection security solution in network computing environment. We used network interpretation of the security functional components of common criteria to model the access control framework. The paper concludes with a case study along with model verification.