{"title":"关于“安全政策”这个流行词","authors":"D. Sterne","doi":"10.1109/RISP.1991.130789","DOIUrl":null,"url":null,"abstract":"It is pointed out that, although the term 'security policy' is fundamental to computer security, its conflicting meanings have obscured important conceptual distinctions, especially where concerns other than confidentiality are involved. A clearer definition is needed to clarify routine technical discourse, facilitate resolution of key research issues, and establish the scope of security research and standardization efforts. The terms security policy objective, organization security policy, and automated security policy are proposed. These terms are based on simple generalizations of ideas that underlie the trusted computer system evaluation criteria (TCSEC). Yet, they describe a view of security that is more precise, more general, and different than 'confidentiality, integrity, and assured service'. Their usefulness in clarifying conceptual and terminological issues is illustrated through examples.<<ETX>>","PeriodicalId":445112,"journal":{"name":"Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy","volume":"48 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1991-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"105","resultStr":"{\"title\":\"On the buzzword 'security policy'\",\"authors\":\"D. Sterne\",\"doi\":\"10.1109/RISP.1991.130789\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"It is pointed out that, although the term 'security policy' is fundamental to computer security, its conflicting meanings have obscured important conceptual distinctions, especially where concerns other than confidentiality are involved. A clearer definition is needed to clarify routine technical discourse, facilitate resolution of key research issues, and establish the scope of security research and standardization efforts. The terms security policy objective, organization security policy, and automated security policy are proposed. These terms are based on simple generalizations of ideas that underlie the trusted computer system evaluation criteria (TCSEC). Yet, they describe a view of security that is more precise, more general, and different than 'confidentiality, integrity, and assured service'. Their usefulness in clarifying conceptual and terminological issues is illustrated through examples.<<ETX>>\",\"PeriodicalId\":445112,\"journal\":{\"name\":\"Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy\",\"volume\":\"48 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1991-05-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"105\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/RISP.1991.130789\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RISP.1991.130789","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
It is pointed out that, although the term 'security policy' is fundamental to computer security, its conflicting meanings have obscured important conceptual distinctions, especially where concerns other than confidentiality are involved. A clearer definition is needed to clarify routine technical discourse, facilitate resolution of key research issues, and establish the scope of security research and standardization efforts. The terms security policy objective, organization security policy, and automated security policy are proposed. These terms are based on simple generalizations of ideas that underlie the trusted computer system evaluation criteria (TCSEC). Yet, they describe a view of security that is more precise, more general, and different than 'confidentiality, integrity, and assured service'. Their usefulness in clarifying conceptual and terminological issues is illustrated through examples.<>
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
