Sciweavers

SP
1990
IEEE

Some Conundrums Concerning Separation of Duty

14 years 3 months ago
Some Conundrums Concerning Separation of Duty
This paper examines some questions concerning commercial computer security integrity policies. We give an example of a dynamic separation of duty policy which cannot be implemented by TCSEC based mechanisms alone, yet occurs in the real commercial world, and can be implemented efficiently in practice. We examine and describe a commercial computer security product in wide use for ensuring the integrity of financial transactions, show that it implements a well defined and sensible integrity policy that includes separation of duty, yet fails to meet either the TCSEC criteria or the Clark and Wilson rules.
M. J. Nash, K. R. Poland
Added 11 Aug 2010
Updated 11 Aug 2010
Type Conference
Year 1990
Where SP
Authors M. J. Nash, K. R. Poland
Comments (0)