Security engineering of lattice-based policies

Abstract

Describes an algebraic approach to the security engineering of lattice policies. The approach has two main goals. First, it seeks to model access control policies with anti-symmetry, reflexivity and transitivity exceptions using a lattice, and to propose an information flow security definition for the resulting set of policies (POL). Second, it supports a constructive approach to policy specification through an algebraic structure (POL, AND, OR, NOT, /spl equiv/, /spl les/). This structure is homomorphic to Boolean algebra. The approach's goals and design decisions are influenced by the context in which it is being used: a library of reusable security components with tools to facilitate their reuse for securing application systems.