Computer security policy

Computer security policy

A computer security policy defines the goals and elements of an organization's computer systems. The definition can be highly formal or informal. Security policies are enforced by organizational policies or security mechanisms. A technical implementation defines whether a computer system is secure or insecure. These formal policy models can be categorized into the core security principles of: Confidentiality, Integrity and Availability. For example the Bell-La Padula model is a confidentiality policy model, whereas Biba model is an integrity policy model.

Contents

Formal description

If a system is regarded as a finite-state automaton with a set of transitions (operations) that change the system's state, then a security policy can be seen as a statement that partitions these states into authorized and unauthorized ones.

Given this simple definition one can define a secure system as one that starts in an authorized state and will never enter an unauthorized state.

Formal policy models

Confidentiality policy model

  • Bell-La Padula model

Integrity policies model

Hybrid policy model

Policy languages

To represent a concrete policy especially for automated enforcement of it, a language representation is needed. There exist a lot of application specific languages that are closely coupled with the security mechanisms that enforce the policy in that application.

Compared with this abstract policy languages, e.g. the Domain Type Enforcement-Language, are independent of the concrete mechanism.

See also

References

  • Bishop, Matt (2004). Computer security: art and science. Addison-Wesley. 
  • McLean, John (1994). "Security Models". Encyclopedia of Software Engineering. 2. New York: John Wiley & Sons, Inc. pp. 1136–1145. 

Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • Security policy — is a definition of what it means to be secure for a system, organization or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors,… …   Wikipedia

  • Computer security — This article is about computer security through design and engineering. For computer security exploits and defenses, see computer insecurity. Computer security Secure operating systems Security architecture Security by design Secure coding …   Wikipedia

  • Computer security incident management — In the fields of computer security and information technology, computer security incident management involves the monitoring and detection of security events on a computer or computer network, and the execution of proper responses to those events …   Wikipedia

  • Computer security conference — A computer security conference is a term that describes a convention for individuals involved in computer security. They generally serve as a meeting place for system and network administrators, hackers, and computer security experts. Contents 1… …   Wikipedia

  • Community of interest (computer security) — This article is about a specialized meaning in the field of computer security. For the more general meaning, see Community of interest. C.O.I., Community of Interest is a means by which network assets and or network users are segregated by some… …   Wikipedia

  • Network security policy — A network security policy is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security/ network security environment. The document… …   Wikipedia

  • Information security policy documents — An information security policy document contains the written statements for how an organization intends to protect information. Written information security policy documents are required for compliance with various security and privacy… …   Wikipedia

  • Tom Cross (computer security) — Infobox Scientist name = Tom Cross box width = image width = 170px caption = Tom Cross at the Emperor (Happy Valley) Hotel in Hong Kong in 2001 birth date = 1976 birth place = Toronto, Canada death date = death place = residence = citizenship =… …   Wikipedia

  • Security engineering — is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts. It is similar to… …   Wikipedia

  • Computer ethics — is a branch of practical philosophy which deals with how computing professionals should make decisions regarding professional and social conduct.[1] Margaret Anne Pierce, a professor in the Department of Mathematics and Computers at Georgia… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”