Mechanism sufficiency validation by assignment

Shirley, Lawrence J.; Schell, Roger R.

Mechanism sufficiency validation by assignment

Files

mechanismsuffici00shir.pdf (1.85 MB)

Authors

Shirley, Lawrence J.

Schell, Roger R.

Subjects

Computer Security, Protection Mechanisms, Security Kernel, Operating Systems, Protection Domains, Relational Model

Date of Issue

1981-05

Date

1981-05

Publisher

Monterey, California. Naval Postgraduate School

Language

en_US

Abstract

This paper introduces a mathematical framework for evaluating the relationship between policies and mechanisms. An evaluation approach called the assignment technique is defined. This technique consists of establishing an assignment between the security classes of information established by policy constraints, and the protection domains, established by the properties of the mechanism. The assignment technique provides a theoretical foundation for assessing the sufficiency of an access control mechanism with respect to a well formed protection policy. Although this paper presents preliminary results of research, the proposed framework suggests a promising new approach for evaluating the protection mechanisms of existing and proposed systems

Type

Technical Report

URI

https://hdl.handle.net/10945/28990

Department

Computer Science

Organization

Operations Research (OR)

Graduate School of Operational and Information Sciences (GSOIS)

NPS Report Number

NPS-52-81-004

Funder

N0002381R015374

Format

32 p. ; digrs. ; 28 cm.

Distribution Statement

Approved for public release; distribution is unlimited.

Rights

This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.

Collections

Reports

Full item page

Naval Postgraduate School

Dudley Knox Library