{"title":"Specification of content-dependent security policies","authors":"D. Spooner","doi":"10.1145/800173.809719","DOIUrl":null,"url":null,"abstract":"The protection of information from unauthorized disclosure is an important consideration for the designers of any large multiuser computer system. A general purpose database management system often requires the enforcement of content-dependent security policies in which a decision to allow access must be based on the value of the data itself. Several authors ([Har76], [Sto76], [Gri76], [Sum77], [Min78], [Spo83], and others) have proposed mechanisms for implementing content-dependent security policies. Few authors, however, have investigated the properties of models for the specification of such policies.\n This paper identifies several problems created by inadequate models for the specification of content-dependent security policies. If a specification model is too liberal in the types of policies it can express, it may provide an increased opportunity for compromise of data. If the specification model is too conservative, it cannot express many desirable policies. Thus a flexible model which will allow a compromise between these two extremes is needed for specifying content-dependent policies. Such a model is proposed here.","PeriodicalId":306306,"journal":{"name":"ACM '83","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM '83","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/800173.809719","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
The protection of information from unauthorized disclosure is an important consideration for the designers of any large multiuser computer system. A general purpose database management system often requires the enforcement of content-dependent security policies in which a decision to allow access must be based on the value of the data itself. Several authors ([Har76], [Sto76], [Gri76], [Sum77], [Min78], [Spo83], and others) have proposed mechanisms for implementing content-dependent security policies. Few authors, however, have investigated the properties of models for the specification of such policies.
This paper identifies several problems created by inadequate models for the specification of content-dependent security policies. If a specification model is too liberal in the types of policies it can express, it may provide an increased opportunity for compromise of data. If the specification model is too conservative, it cannot express many desirable policies. Thus a flexible model which will allow a compromise between these two extremes is needed for specifying content-dependent policies. Such a model is proposed here.