On the buzzword 'security policy'
Sterne, D.F.
Trusted Inf. Syst. Inc., Glenwood, MD
This paper appears in: Research in Security and Privacy, 1991. Proceedings., 1991 IEEE Computer Society Symposium on
Publication Date: 20-22 May 1991
On page(s): 219-230
Meeting Date: 05/20/1991 - 05/22/1991
Location: Oakland, CA, USA
ISBN: 0-8186-2168-0
References Cited: 35
INSPEC Accession Number: 4050385
Digital Object Identifier: 10.1109/RISP.1991.130789
Current Version Published: 2002-08-06
Abstract
It is pointed out that, although the term 'security policy' is
fundamental to computer security, its conflicting meanings have obscured
important conceptual distinctions, especially where concerns other than
confidentiality are involved. A clearer definition is needed to clarify
routine technical discourse, facilitate resolution of key research
issues, and establish the scope of security research and standardization
efforts. The terms security policy objective, organization security
policy, and automated security policy are proposed. These terms are
based on simple generalizations of ideas that underlie the trusted
computer system evaluation criteria (TCSEC). Yet, they describe a view
of security that is more precise, more general, and different than
'confidentiality, integrity, and assured service'. Their usefulness in
clarifying conceptual and terminological issues is illustrated through
examples.