next up previous
Next: Implications for Implementations Up: Feustel, Mayfield: The DGSA: Previous: Information Domains

Security Policies

The DGSA does not explicitly describe the security policies that may be implemented. But it specifies that no implicit hierarchical trust or sensitivity relationships can be inferred between information domains. But this makes it still possible to adopt a wide range of common security policies. The authors refer, for example, to the ISO Security Framework. In the ISO Security Framework several services are defined. These include Authentication and Identification, Access Control, Confidentiality, Integrity, Availability, and Audit and Alarms. A possible policy for functional access control levels is given in reference to a paper from Saltzer and Schroeder: There, the following levels of access exist: Unprotected Systems with only one public information domain, All-or-nothing Systems that have one private information domain where only authenticated users are accepted, Controlled Sharing which implies that different access rights on each object requires multiple information domains, User-Programmed Sharing Controls that has separate information domains for protected objects with a domain per content type or per security policy, and Labeling Information with one domain per distinct label.

Tim Wellhausen
2000-01-20