{"title":"信任的统计模型:tcb vs.人","authors":"Theodore M. P. Lee","doi":"10.1109/SECPRI.1989.36274","DOIUrl":null,"url":null,"abstract":"The processes of granting security clearances to people and accrediting trusted computer systems are compared, both informally and using preliminary mathematical models of risk probabilities. The risk models support the validity of two hypotheses that were previously merely conjectures: (1) in determining an acceptable accreditation range for a computer one need only consider the highest classification of data on it and the least-cleared person using it, (2) that under suitable conditions a cascade (combination) of two trusted systems can be trusted more than either individually. In particular, it is shown that a cascade of two (independently built) B2 systems is as good as one B3 system.<<ETX>>","PeriodicalId":126792,"journal":{"name":"Proceedings. 1989 IEEE Symposium on Security and Privacy","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1989-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":"{\"title\":\"Statistical models of trust: TCBs vs. people\",\"authors\":\"Theodore M. P. Lee\",\"doi\":\"10.1109/SECPRI.1989.36274\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The processes of granting security clearances to people and accrediting trusted computer systems are compared, both informally and using preliminary mathematical models of risk probabilities. The risk models support the validity of two hypotheses that were previously merely conjectures: (1) in determining an acceptable accreditation range for a computer one need only consider the highest classification of data on it and the least-cleared person using it, (2) that under suitable conditions a cascade (combination) of two trusted systems can be trusted more than either individually. In particular, it is shown that a cascade of two (independently built) B2 systems is as good as one B3 system.<<ETX>>\",\"PeriodicalId\":126792,\"journal\":{\"name\":\"Proceedings. 1989 IEEE Symposium on Security and Privacy\",\"volume\":\"16 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1989-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"13\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings. 1989 IEEE Symposium on Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SECPRI.1989.36274\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. 1989 IEEE Symposium on Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECPRI.1989.36274","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The processes of granting security clearances to people and accrediting trusted computer systems are compared, both informally and using preliminary mathematical models of risk probabilities. The risk models support the validity of two hypotheses that were previously merely conjectures: (1) in determining an acceptable accreditation range for a computer one need only consider the highest classification of data on it and the least-cleared person using it, (2) that under suitable conditions a cascade (combination) of two trusted systems can be trusted more than either individually. In particular, it is shown that a cascade of two (independently built) B2 systems is as good as one B3 system.<>
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
