The enforcement of security policies for computation

Security policies define who may use what information in a computer system. Protection mechanisms are built into a system to enforce security policies. In most systems, however, it is quite unclear what policies a mechanism can or does enforce. This paper defines security policies and protection mechanisms precisely and bridges the gap between them with the concept of soundness: whether a protection mechanism enforces a policy. Different sound protection mechanisms for the same policy can then be compared. We also show that the “union” of mechanisms for the same program produces a more “complete” mechanism. Although a “maximal” mechanism exists, it cannot necessarily be constructed.

• Publication year

  1975

• Venue

  Journal of computer and system sciences (Print)

• Publication date

  1975-11-01

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1145/800213.806538
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• A lattice model of secure information flow

  1976cited by this paper
• On protection in operating systems

  1975cited by this paper
• Secure information flow in computer systems

  1975cited by this paper
• A Provably Secure Operating System.

  1975cited by this paper
• HYDRA

  1974cited by this paper
• Memoryless Subsystems

  1974cited by this paper
• Potential Capabilities in Algol-Like Programs

  1974cited by this paper
• Making computers keep secrets

  1973influential reference
• A note on the confinement problem

  1973cited by this paper
• Protection in programmed systems.

  1973influential reference
• Cooperation of mutually suspicious subsystems in a computer utility

  1972cited by this paper
• The multics system: an examination of its structure

  1972cited by this paper
• Verifiable secure operating system software

  1899cited by this paper
• Security controls in the ADEPT-50 time-sharing system

  1899cited by this paper
• Purdue e-Pubs Purdue e-Pubs

  year unknowncited by this paper

• Keyword Extraction From Specification Documents for Planning Security Mechanisms

  2023cites this paper
• Autonomous Vehicle Security: Composing Attack, Defense, and Policy Surfaces

  2022cites this paper
• DITTANY: Strength-Based Dynamic Information Flow Analysis Tool for x86 Binaries

  2022cites this paper
• Project Spaceman: early British computer security and automatic data processing

  2022cites this paper
• Industry Interaction: A Comparative Analysis of the Influence of Formal and Informal Knowledge Transfer Mechanisms on Firm-Level Innovation in Ghana

  2020cites this paper
• Understanding Cyber Security Perceptions Related to Information Risk in a Healthcare Setting

  2016cites this paper
• Secure Defensive Mechanisms: An Appropriate Categorisation

  2015cites this paper
• AIR FORCE OFFICT OF SCIENTIFIC RSSEARC NOTICE OF TRANSWITTAL TO DDü

  2014cites this paper
• Quantitative analysis of the release order of defensive mechanisms

  2014cites this paper
• A Bibliography of Publications on Cryptography: 1606–1989

  2013cites this paper
• Dynamic, Flexible, and Optimistic Access Control

  2013cites this paper
• Turtles all the way down: a clean-slate, ground-up, first-principles approach to secure systems

  2012cites this paper
• Improving Information Security Through Technological Frames of Reference

  2011cites this paper
• A Risk Management Approach to the "Insider Threat"

  2010cites this paper
• Algorithms and tool support for dynamic information flow analysis

  2009cites this paper
• PRECIP: Towards Practical and Retrofittable Confidential Information Protection

  2008cites this paper
• Confidentiality Enforcement Using Dynamic Information Flow Analyses

  2007cites this paper
• Dynamic Information Flow Analyses

  2007cites this paper
• INFORMATION FLOW IN A JAVA INTERMEDIATE LANGUAGE

  2007cites this paper
• Typing Secure Information Flow: Declassification and Mobility

  2006cites this paper
• . Why Formal Models?

  2006cites this paper
• Dynamic information flow analysis, slicing and profiling

  2005cites this paper
• Using dynamic information flow analysis to detect attacks against applications

  2005cites this paper
• Program transformation techniques for host-based intrusion prevention

  2005cites this paper
• On declassification and the non-disclosure policy

  2005cites this paper
• Detecting and debugging insecure information flows

  2004cites this paper
• Dynamic Information Flow Analysis and Dynamic Slicing ( Extended Version )

  2003cites this paper
• Dynamic label binding at run-time

  2003cites this paper
• A Minimal Trusted Computing Base for Dynamically Ensuring Secure Information Flow

  2001cites this paper
• Secrecy for Mobile Implementations of Security Protocols

  2001cites this paper
• Mostly-static decentralized information flow control

  1999cites this paper
• Specification and verification of security policies

  1996cites this paper
• Compile-Time Detection of Information Flow in Sequential Programs

  1994cites this paper
• MECHANICAL PROOFS OF SECURITY PROPERTIES

  1994cites this paper
• A Security Proof System for Networks of Communicating Processes

  1993cites this paper
• Information flow control in a parallel language framework

  1993cites this paper
• Using program dependence graphs for information flow control

  1992cites this paper
• Multilevel security and concurrency control for distributed computer systems

  1990cites this paper
• On the Identification of Covert Storage Channels in Secure Systems

  1990cites this paper
• Data Dependency Graphs for Ada Programs

  1990cites this paper
• Petri net based modelling of information flow security requirements

  1990cites this paper
• Covert Channel Capacity

  1987cites this paper
• Theoretical Issues Concerning Protection in Operating Systems

  1985cites this paper
• The verification of the protection mechanisms of high-level language machines

  1984cites this paper
• Formal Models for Computer Security

  1981cites this paper
• SOME SYSTEMS FOR MODELING COMPUTER SECURITY REQUIREMENTS

  1981cites this paper
• Database security-system architectures

  1981cites this paper
• A Survey of Formal Models for Computer Security.

  1981cites this paper
• Information Flow Analysis of Formal Specifications

  1981cites this paper
• A security policy for a profile-oriented operating system

  1981cites this paper
• An Axiomatic Approach to Information Flow in Programs

  1980influential citation
• Architectural approaches to secure databases

  1980cites this paper
• The transfer of information and authority in a protection system

  1979cites this paper
• A mechanism for information control in parallel systems

  1979cites this paper
• OPERATING SYSTEM SECURITY

  1979cites this paper
• Secure databases

  1979cites this paper
• Protection Mechanisms and the Enforcement of Security Policies

  1978cites this paper
• Security and Privacy

  1978cites this paper
• Possibility theory: As a means for modeling computer security and protection

  1978cites this paper
• Certifying information flow properties of programs: an axiomatic approach

  1978cites this paper
• A hardware architecture for controlling information flow

  1978cites this paper
• Survey of recent operating systems research, designs and implementations

  1978cites this paper
• Shifting garbage collection overhead to compile time

  1977cites this paper
• Information transmission in computational systems

  1977cites this paper
• Certification of programs for secure information flow

  1977cites this paper
• On virtual machine integrity

  1976cites this paper
• A lattice model of secure information flow

  1976influential citation
• On the Derivation of Lattice Structured Information Flow Policies

  1976cites this paper
• Security Kernel validation in practice

  1976cites this paper
• Purdue e-Pubs Purdue e-Pubs

  year unknowncites this paper