The application of mandatory security policies in object-oriented systems requires objects to be single-level, i.e., all information in an object must have the same security classification. However, real-world entities are often multilevel. Moreover, different coexistence options for property values at different levels are needed. In this paper we present a model for specifying multilevel entities. The proposed entity model supports different options by which users can specify whether low-level values of entity properties are to be considered valid at higher levels or whether they represent cover stories not valid at higher levels. We then illustrate how entities expressed in this model can be mapped onto single-level objects. We also present a methodology and algorithms to automatically perform such a mapping.

Mandatory security and object-oriented systems : a multilevel entity model and its mapping onto a single-level object model / E. Bertino, E. Ferrari, P. Samarati. - In: THEORY AND PRACTICE OF OBJECT SYSTEMS. - ISSN 1074-3227. - 4:3(1998), pp. 183-204. [10.1002/(SICI)1096-9942(1998)4:3<183::AID-TAPO4>3.0.CO;2-T]

Mandatory security and object-oriented systems : a multilevel entity model and its mapping onto a single-level object model

P. Samarati
Last
1998

Sector INF/01 - Computer Science
1998
Article (author)

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/180045
Citations
  • PMC: ND
  • Scopus: 2
  • ISI: 2