The term “security model” has been used to describe any formal statement of a system's confidentiality, availability, or integrity requirements. In this article we focus on the primary use of security models, which has been to describe general confidentiality requirements. We then give pointers to security model work in other areas.
Even if we limit ourselves to models of confidentiality, there are two related, but distinct, senses of the term “security model” in the computer security literature. In the more limited use of the term, a security model specifies a particular mechanism for enforcing confidentiality, called “access control”, which was brought over into computer security from the world of documents and safes. In the more general usage of the term, security models are specifications of a system's confidentiality requirements and are not “models” at all, in that they specify security requirements without describing any particular mechanism for implementing these requirements. These models specify restrictions on a system's interface (usually its input/output relation) that are sufficient to ensure that any implementation satisfying these restrictions will enforce confidentiality. We consider access control models and interface models in turn, after types are also discussed.
A formal security policy model that uses basic view concepts for a secure multilevel relational database system is described. The model is formulated in two layers, one corresponding to a security kernel or reference monitor that enforces mandatory security, and the second defining multilevel relations and formalizing policies for labeling new and derived data, data consistency, discretionary security, and transaction consistency. This includes the policies for sanitization, aggregation, and downgrading. The model also defines application-independent properties for entity integrity, referential integrity, and polyinstantiation integrity.
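A toy illustration of both senses of “security model” described above, and of the two-layer database model in the second abstract, as added example code that belongs to neither article: a reference monitor enforcing mandatory access control (no read up, data labeled at the writer's level) over a polyinstantiated multilevel relation is the access-control sense, and a noninterference check that purges high-level inputs and compares what a low-level subject observes is the interface sense. The labels, the table and the trace are constructed for the example; switching polyinstantiation off shows why the SeaView-style model needs it, since a key clash then tells a low writer that a higher-labeled row exists.

```python
from dataclasses import dataclass, field

LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP_SECRET": 2}

def dominates(a, b):
    return LEVELS[a] >= LEVELS[b]

@dataclass
class MLSTable:
    polyinstantiate: bool = True
    rows: dict = field(default_factory=dict)  # (key, label) -> value

    def read(self, level, key):
        # simple security property: only rows the reader's clearance dominates
        return {lbl: v for (k, lbl), v in self.rows.items()
                if k == key and dominates(level, lbl)}

    def write(self, level, key, value):
        # *-property: data is labeled at the writer's level. Without
        # polyinstantiation a clash with an invisible higher row is reported.
        if not self.polyinstantiate and any(
                k == key and not dominates(level, lbl) for (k, lbl) in self.rows):
            return "conflict"
        self.rows[(key, level)] = value
        return "ok"

def run(trace, polyinstantiate=True):
    """Replay (level, op, key, value) steps; return what each subject observes."""
    table, observed = MLSTable(polyinstantiate), []
    for level, op, key, value in trace:
        result = table.write(level, key, value) if op == "write" else table.read(level, key)
        observed.append((level, result))
    return observed

def noninterferent(trace, low, polyinstantiate=True):
    """Interface check: purging inputs from subjects above `low` must not
    change what `low` observes (Goguen-Meseguer purge)."""
    purged = [step for step in trace if dominates(low, step[0])]
    view = lambda obs: [r for lvl, r in obs if lvl == low]
    return view(run(trace, polyinstantiate)) == view(run(purged, polyinstantiate))

# Constructed trace (not from the article): a SECRET writer stores a row,
# then an UNCLASSIFIED user writes and reads the same key.
TRACE = [
    ("SECRET", "write", "flight", "0600 strike"),
    ("UNCLASSIFIED", "write", "flight", "routine"),
    ("UNCLASSIFIED", "read", "flight", None),
    ("SECRET", "read", "flight", None),
]
```

With polyinstantiation the low user's observations are identical whether or not the SECRET write happened, so the interface property holds; without it the "conflict" result differs between the full and purged traces, which is exactly the leak an access-control check alone does not catch.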