A multidimensional approach to multilevel security

Information Management & Computer Security

Volumn 16, Issue 5, 2008, Pages 436-448

  Winjum, Eli ^a   Kjetil M⊘lmann, Bj⊘rn ^b  

^a NORWEGIAN DEFENCE RESEARCH ESTABLISHMENT FFI   (Norway)

^b Kubekit AS   (Norway)

Author keywords

Data security; Information systems

Indexed keywords

INFORMATION SYSTEMS; SECURITY OF DATA; SENSOR NETWORKS; TELECOMMUNICATION NETWORKS;

ARBITRARY NUMBERS; BINARY OPERATIONS; CLOCK CYCLES; COMMUNICATION NETWORKS; DATA SECURITY; DESIGN/METHODOLOGY/APPROACH; DIRECTIONAL INFORMATIONS; GENERIC INFORMATIONS; IN-DEPTH STUDIES; LIGHT WEIGHTS; LIMITED CAPACITIES; MLS MODELS; MULTI-DIMENSIONAL APPROACHES; MULTI-LEVEL SECURITIES; MULTIDIMENSIONAL VECTORS; ONE DIMENSIONS; OPERATING SYSTEMS; POTENTIAL APPLICATIONS; SECURITY ATTRIBUTES; SECURITY LEVELS; SECURITY REQUIREMENTS; SENSOR INFORMATIONS; SOFTWARE-BASED; TAMPER-PROOF DEVICES; UNDEFINED STATE; VERIFICATION ALGORITHMS; VERIFICATION METHODS;

AIRCRAFT LANDING SYSTEMS;

EID: 60049087606     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220810920521     Document Type: Article

References (22)

1. Bell, D.E. and LaPadula, L.J. (1975), “Secure computer systems, mathematical foundations”, Mitre Corp. Report No. MTR-2547, Mitre Corp., Bedford, MA.
2. Biba, K.J. (1977), “Integrity considerations for secure computer systems”, Mitre Corp. Report No. MTR-3153, Mitre Corp., Bedford, MA, Bedford, MA.
3. Bishop, M. (2003), Computer Security: Art and Science, Addison-Wesley, Boston, MA, pp. 95-99.
4. Denning, D.E. (1976), “A lattice model of secure information flow”, Communications of the ACM, Vol. 19 No. 5, pp. 236-243.
5. Galik, D. and Tretick, B. (1991), “Fielding multilevel security into command and control systems”, Proceedings of the 7th Annual Computer Security Applications Conference, pp. 202-8.
6. Hoffman, P. (Ed.) (1999), “Enhanced security services for S/MIME”, Internet Engineering Task Force (IETF) rfc 2634.
7. Housley, R. (1993), “Security label framework for the internet”, Internet Engineering Task Force (IETF) rfc 1457.
8. Huang, Q. and Shen, C. (2004), “A new MLS mandatory policy combining secrecy and integrity implemented in highly classified secure level OS”, Proceedings of the 7th International Conference on Signal Processing (ICSP'04), Vol. 3, pp. 2409-12.
9. Irvine, C.E., Levin, T.E., Nguyen, T.D., Shifflett, D., Khosalim, J., Clark, P.C., Wong, A., Afinidad, F., Bibighaus, D. and Sears, J. (2004), “Overview of a high assurance architecture for distributed multilevel security”, Proceedings of the 2004 IEEE Workshop on Information Assurance and Security, pp. 38-45.
10. Kang, J-M., Shin, W., Park, C-G. and Lee, D-I. (2001), “Extended BLP security model based on process reliability for secure Linux kernel”, Proceedings of the 2001 Pacific Rim International Symposium on Dependable Computing, IEEE Computer Society, pp. 299-303.
11. Kuhn, D.R. (1998), “Role based access control on MLS systems without kernel changes”, paper presented at 3rd ACM Workshop on Role-Based Access Control.
12. Landwehr, C.E., Heitmeyer, C.L. and McLean, J.D. (1984), “A security model for military message systems”, ACM Transactions on Computer Systems, Vol. 2 No. 3, pp. 198-222.
13. Lipner, S. (1982), “Non-discretionary controls for commercial applications”, Proceedings of the 1982 IEEE Symposium on Security and Privacy, pp. 2-10.
14. Liu, Y. and Li, X. (2005), “Lattice model based on a new information security function”, Proceedings of the 8th International Symposium on Autonomous Decentralized Systems (ISADS 2005), pp. 566-9.
15. Microsoft (2008), “Microsoft”, available at: www.microsoft.com/.
16. Neugent, B. (1994), “Where we stand in multilevel security (MLS): requirements, approaches, issues, and lessons learned”, Proceedings of the 10th Annual Computer Security Applications Conference, pp. 304-5.
17. NIST (2006), “Glossary of key information security terms”, NIST IR 7298, National Institute of Standards and Technology, Gaithersburg, MD.
18. Osborne, S., Sandhu, R. and Munawer, Q. (2000), “Configuring role-based access control to enforce mandatory and discretionary access control policies”, ACM Transactions on Information and System Security, Vol. 3 No. 2, pp. 85-106.
19. Sandhu, R.S. (1993), “Lattice-based access control models”, IEEE Computer, Vol. 26 No. 11, pp. 9-19.
20. Sandhu, R.S., Ferraiolo, D., Gavrila, S., Hu, V. and Kuhn, R. (2000), “The NIST model for role-based access control: towards a unified standard”, Proceedings of the 5th ACM Workshop on Role Based Access Control.
21. Shirey, R.W. (2000), “Internet security glossary”, Internet Engineering Task Force (IETF) rfc 2828.
22. Sun Microsystems (2008), “Sun Microsystems”, available at: www.sun.com/.