- 1.Bell, D. E., and LaPadula, L. J., Secure Computer System: Unified Exposition and Multics Interpretation. Technical Report MTR-2997, The MITRE Corporation, Bedford, Massachusetts, March, 1976.Google ScholarCross Ref
- 2.Dobson, J. E., Blyth, A. J. C., Chudge, J., and Strens, M. R., "The ORDIT Approach to Requirements Identification," Proceedings of the Sixteenth Annual International Computer Software and Applications Conference. Los Alamitos, California: IEEE Computer Society Press, 1992, pp. 356-361.Google Scholar
- 3.J ajodia, S., and Kogan, B., "integrating an Object-Oriented Data Model with Multilevel Security," Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy. Los Alamitos, California: IEEE Computer Society Press, 1990, pp. 76-85.Google Scholar
- 4.McLean, J., "The Specification and Modeling of Computer Security," IEEE Computer 23, 11 (1990), pp. 9-16. Google ScholarDigital Library
- 5.Michael, J. B. A Formal Approach to Testing the Consistency of Composed Security Policies, Ph.D. dissertation, School of Information Technology and Engineering, George Mason University, 1993. Google ScholarDigital Library
- 6.Michael, J. B., Sibley, E. H., and Wexelblat, R. L., "A Modeling Paradigm for Representing Intentions in Information Systems," Proceedings of the First Workshop on Information Technologies and Systems. Massachusetts Institute of Technology Sloan School of Management, Cambridge, Massachusetts, 1991, pp. 21-34.Google Scholar
- 7.Sibley, E. H., Michael, J. B., and Sandhu, R. S. "A Case-Study of Security Policy for Manual and Automated Systems," In Proceedings of the Sixth Annual Conference on Computer Assurance. IEEE Computer Society Press, Los Alamitos, California, 1991, pp. 63-68.Google Scholar
- 8.Sibley, E. H., Wexelblat, R. L., Michael, J. B., Tanner, M. C., and Littman, D. C., "The Role of Policy in Requirements Definition," Proceedings of lhe IEEE International Symposium on Requirements Engineering. Los Alamitos, California: IEEE Computer Society Press, 1993, pp. 277-280.Google Scholar
- 9.Wahlstrom, B. "Avoiding Technological Risks: The Dilemma of Complexity," Journal of Technological Forecasting and Social Change 42, 4 (1992), pp. 351-365.Google ScholarCross Ref
- 10.Wilkes, M. V., "Revisiting Computer Security in the Business World," Communications of the A CM 34, 8 (1991), pp. 19-21. Google ScholarDigital Library
Recommendations
A formal security policy for xenon
FMSE '08: Proceedings of the 6th ACM workshop on Formal methods in security engineeringThe up-front choice of security policy and formalism used to model it is critical to the success of projects that seek to enforce information-flow security. This paper reports on the Xenon project's choice of policy and formalism. Xenon is a high-...
Formal specification and integration of distributed security policies
We propose in this paper the Security Policy Language (SePL), which is a formal language for capturing and integrating distributed security policies. The syntax of SePL includes several operators for the integration of policies and it is endowed with a ...
Computer security policy: Important issues
A key success factor in implementing computer security is the much discussed and important issue of management commitment. Management commitment is demonstrated through the effective fostering of a computer security policy within the organization. Many ...
Comments