A framework for the management of information security

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 1396, Issue , 1998, Pages 232-245

  Leiwo, Jussipekka ^a   Zheng, Yuliang ^a  

^a MONASH UNIVERSITY   (Australia)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL; CRYPTOGRAPHY; SPECIFICATIONS;

ACCESS CONTROL MODELS; COMPREHENSIVE INFORMATION; CRYPTOGRAPHIC TECHNIQUES; HIGH-LEVEL INFORMATION; INFORMATION SECURITY REQUIREMENTS; ORGANIZATIONAL MODELS; SECURITY ENFORCEMENT MECHANISMS; TECHNICAL INFORMATION;

SECURITY SYSTEMS;

EID: 84947916320     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/bfb0030424     Document Type: Conference Paper

References (27)

1. Trusted computer systems evaluation criteria. U. S. Department of Defence, 1983.
2. M. Adabi, M. Burrows, B. Lampson, and G. Plotkin. A calculus for access control in distributed systems. In Advances in Cryptology-Crypto'91, 1991.
3. J. Backhouse and G. Dhillon. Structures of responsibility and security of information systems. European Journal of Information Systems, 5:2-9, 1996.
4. D. E. Bell and L. J. LaPadula. Secure computer systems: Mathematical foundations and model. Technical Report M74-244, MITRE Corporation, Bedford, MA, USA, 1975.
5. K. Biba. Integrity considerations for secure computer systems. Technical Report TR-3153, MITRE Corporation, Bedford, Massachusetts, USA, 1977.
6. H. Booysen and J. Eloff. A methodology for the development of secure application systems. In Proceedings of the IFIP TC11 11th International Conference on Information Security, 1995.
7. E. R. Buck. Introduction to Data Security and Controls. QED Technical Publishing Group, Wellesley, MA, USA, second edition, 1991.
8. D. D. Clark and D. R. Wilson. A comparison of commercial and military security policies. In 1987 IEEE Symposium on Security and Privacy, 1987.
9. W. Diffîe and M. E. Heilman. New Directions in Cryptography. IEEE Transactions on Information Theory, IT-22(6):644-654, Nov. 1976.
10. T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31(4):469-472, 1985.
11. Federal Information Processing Standards Publications (FIPS PUB) 46. Data Encryption Standard. National Bureau of Standards, Jan. 1977.
12. A. Hartmann. Comprehensive information technology security: A new approach to respond ethical and social issues surrounding information security in the 21st century. In Proceedings of the IFIP TC11 11th international conference of Information Security, Cape Town, South Africa, May 1995.
13. S. Jajodia, P. Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In Proceedings of the IEEE Symposium on Security and Privacy, 1997.
14. L. J. LaPadula. Foreword for republishing of the Bell-LaPadula model. Journal of Computer Security, 4:233-238, 1996.
15. J. Leiwo and S. Heikkuri. Clarifying concepts of information security management. In Proceedings of the 2nd International Baltic Workshop on DB and IS, Tallinn, Estonia, June 1996.
16. J. Leiwo and Y. Zheng. A formal model to aid in documenting and harmonization of information security requirements. In Proceedings of the IFIP TC11 13th International Conference on Information Systems Security, 1997.
17. J. Leiwo and Y. Zheng. A mandatory access control policy model for information security requirements. In Proceedings of the 21st Australasian Computer Science Conference (ACSC'98), 1998.
18. S. Muftic, A. Patel, P. Sanders, R. Colon, J. Heijnsdijk, and U. Pulkkinen. Security Architecture for Open Distributed Systems. John Wiley & Sons, 1994.
19. R. L. Rivest, A. Shamir, and L. M. Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Commun. ACM, 21 (2):120-126, Feb. 1978.
20. R. S. Sandhu. Lattice-based access control models. IEEE Computer, pages 9-19, Nov. 1993.
21. R. S. Sandhu, E. J. Coyne, H. J. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 29(2):38-47, Feb. 1996.
22. B. Schneier. Applied Cryptography. John Wiley & Sons, New York, second edition, 1996.
23. W. Stallings. Network and Internetwork Security: Principles and Practise. Prentice Hall, Inc., Englewood Cliffs, NJ, USA, 1995.
24. D. F. Sterne. On the buzzword Security Policy. In IEEE Symposium on Security and Privacy, 1991.
25. T. Y. Woo and S. S. Lam. Authorization in distributed systems: A formal approach. In Proceedings of 1992 IEEE Symposium on Research in Security and Privacy, 1992.
26. Y. Zheng. Digital signcryption or how to achieve cost (signature & encryption) ≤ cost (signature) + cost(encryption). In Advances in Cryptology-Crypto'97, number 1294 in Lecture Notes in Computer Science. Springer-Verlag, 1997.
27. Y. Zheng. The SPEED cipher. In Proceedings of the Financial Cryptography'97, 1997.