HOME

TheInfoList



Click Here for Items Related To - Computer Security Policy
OR:
Computer Security Policy on:   [Wikipedia]   [Google]   [Amazon]

A computer security policy defines the goals and elements of an organization's computer systems. The definition can be highly formal or informal. Security policies are enforced by organizational policies or security mechanisms. A technical implementation defines whether a computer system is ''secure'' or ''insecure''. These formal policy
models A model is an informative representation of an object, person or system. The term originally denoted the plans of a building in late 16th-century English, and derived via French and Italian ultimately from Latin ''modulus'', a measure. Models c ...
can be categorized into the core security principles of Confidentiality, Integrity, and Availability. For example, the Bell-La Padula model is a ''confidentiality policy model'', whereas the
Biba model The Biba Model or Biba Integrity Model developed by Kenneth J. Biba in 1975, is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are group ...
is an ''integrity policy model''.


Formal description

If a system is regarded as a
finite-state automaton A finite-state machine (FSM) or finite-state automaton (FSA, plural: ''automata''), finite automaton, or simply a state machine, is a mathematical model of computation. It is an abstract machine that can be in exactly one of a finite number o ...
with a set of transitions (operations) that change the system's state, then a ''security policy'' can be seen as a statement that partitions these states into authorized and unauthorized ones. Given this simple definition, one can define a ''secure system'' as one that starts in an authorized state and will never enter an unauthorized state.


Formal policy models


Confidentiality policy model

* Bell-La Padula model


Integrity policies model

*
Biba model The Biba Model or Biba Integrity Model developed by Kenneth J. Biba in 1975, is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are group ...
* Clark-Wilson model


Hybrid policy model

*
Chinese Wall A Chinese wall or ethical wall is an information barrier protocol within an organization designed to prevent exchange of information or communication that could lead to conflicts of interest. For example, a Chinese wall may be established to sepa ...
(Also known as
Brewer and Nash model The Brewer and Nash model was constructed to provide information security access controls that can change dynamically. This security model, also known as the Chinese wall model, was designed to provide controls that mitigate conflict of interest in ...
)


Policy languages

To represent a concrete policy, especially for automated enforcement of it, a language representation is needed. There exist a lot of application-specific languages that are closely coupled with the security mechanisms that enforce the policy in that application. Compared with this abstract policy languages, e.g., the Domain Type Enforcement-Language, is independent of the concrete mechanism.


See also

*
Anti-virus Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name. ...
* Information Assurance - CIA Triad *
Firewall (computing) In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted ne ...
* Protection mechanisms *
Separation of protection and security In computer sciences, the separation of protection and security is a design choice. Wulf et al. identified protection as a mechanism and security as a policy,Wulf 74 pp.337-345 therefore making the protection-security distinction a particular case ...
* ITU Global Cybersecurity Agenda


References

* * *Clark, D.D. and Wilson, D.R., 1987, April. A comparison of commercial and military computer security policies. In ''1987 IEEE Symposium on Security and Privacy'' (pp. 184-184). IEEE. {{DEFAULTSORT:Computer Security Policy Computer security procedures Computer security models