Next: Security Policies Up: Feustel, Mayfield: The DGSA: Previous: Requirements

Information Domains

Information domains are used to achieve the desired goals of flexibility and multiple security policies. An information domain contains information objects, users (called principals), and a single information security policy. An information object can be a file or any kind of data which can be accessed. Every information object is a member of exactly one information domain and has security attributes that are the same among all objects within a domain. Thus, it is not necessary to distinguish the sensitivity of objects while operating on them inside a domain: all objects within one information domain are at the same sensitivity level. Only when an object is to be exported into another domain must the policy regarding sensitivity be consulted. Therefore, the main challenge in implementing such a system is to ensure that there are mechanisms to transfer objects between information domains that may be on different platforms and inside different systems.

Each principal also has a set of attributes. These attributes define the rights a principal has to access objects. Once more, this is controlled by the security policy of the information domain.

Each information domain defines explicit relationships to other information domains. If these relationships are not provided, domains must be strictly isolated. A transfer may be performed only if such a relationship between the two domains exists, one domain allows the export to the other domain, and the other domain allows the import.
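The transfer rule described above can be sketched as a small policy check. This is an added example, not code from the DGSA or from the original page; the class and function names, the sample domains, and the choice to move (rather than copy) an object on transfer are assumptions made for illustration.

```python
from dataclasses import dataclass, field

class TransferDenied(Exception):
    """Raised when an inter-domain transfer fails a policy check."""

@dataclass
class Domain:  # hypothetical model of one information domain
    name: str
    objects: dict = field(default_factory=dict)     # object name -> data
    principals: dict = field(default_factory=dict)  # principal -> set of rights
    related: set = field(default_factory=set)       # domains with an explicit relationship
    exports_to: set = field(default_factory=set)    # domains this policy allows export to
    imports_from: set = field(default_factory=set)  # domains this policy allows import from

    def may_access(self, principal, right, obj):
        # All objects in a domain share the same security attributes, so the
        # decision depends only on the principal's attributes, not the object.
        return obj in self.objects and right in self.principals.get(principal, set())

def unmet_conditions(src, dst):
    """Return the transfer conditions that are not satisfied (empty = allowed)."""
    unmet = []
    if dst.name not in src.related or src.name not in dst.related:
        unmet.append("no explicit relationship")
    if dst.name not in src.exports_to:
        unmet.append(f"{src.name} does not allow export")
    if src.name not in dst.imports_from:
        unmet.append(f"{dst.name} does not allow import")
    return unmet

def transfer(src, dst, obj):
    if obj not in src.objects:
        raise KeyError(obj)
    unmet = unmet_conditions(src, dst)
    if unmet:
        raise TransferDenied("; ".join(unmet))
    # Assumption: the object is moved, so it stays a member of exactly one
    # domain and takes on the destination domain's attributes.
    dst.objects[obj] = src.objects.pop(obj)

if __name__ == "__main__":
    # Constructed sample domains: hr may export to finance, audit is isolated.
    hr = Domain("hr", {"payroll.csv": b"data"}, {"alice": {"read"}},
                related={"finance"}, exports_to={"finance"})
    finance = Domain("finance", related={"hr"}, imports_from={"hr"})
    audit = Domain("audit")
    print(unmet_conditions(hr, audit))  # isolated domain: every condition fails
    transfer(hr, finance, "payroll.csv")
    print(sorted(finance.objects), sorted(hr.objects))
```

A domain with no declared relationships fails every check, which matches the requirement that unrelated domains stay strictly isolated.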
Tim Wellhausen
2000-01-20