Abstract
The multilevel security policy mainly represents the security requirements of military computer systems and deals almost entirely with controlling the unauthorized disclosure of information, i.e., confidentiality. The "Chinese Wall" policy describes the security requirements of financial service systems and is not applicable to other kinds of systems. In the commercial world, by contrast, the concern is controlling the unauthorized modification of information, i.e., integrity. By analyzing the security requirements of different kinds of systems and jointly considering the confidentiality and integrity requirements of information processing, the paper proposes a new role-based security policy that is applicable to many types of systems.
Source
Journal of Computer Research and Development (《计算机研究与发展》)
EI
CSCD
PKU Core
1998, Issue 5, pp. 447-450 (4 pages)
Funding
National Cryptography Development Fund
Keywords
security policy, computer security, role