Computer Security Models
Abstract
The purpose of this report is to provide a basis for evaluating security models in the context of secure computer system development for DoD applications. A number of existing models are summarized, and some general considerations for designing and using security models are presented. A new model is also presented, addressing the security policy for A1 systems as defined in the DoD Trusted Computer System Evaluation Criteria. A paper by Landwehr discusses the role of formal security models and surveys several basic ones. This report overlaps with Landwehr's somewhat in the choice of models, but its authors have included a number of more recent models, with an emphasis on concrete ones, and the models are presented here in more detail. The models surveyed in this report are listed by category in Table I. In the 'General Models' category are three models that are used to express security policies in a general way, without architectural assumptions that would force them into any of the other categories. Consequently, these models can be used to prove results or state requirements that apply to all of the more concrete models, and thus help to evaluate them.
Document Details
- Document Type: Technical Report
- Publication Date: Sep 01, 1984
- Accession Number: ADA166920
Entities
People
- C. M. Cerniglia
- J. K. Millen
Organizations
- MITRE Corporation