The application of mandatory security policies in object-oriented systems requires objects to be single-level, i.e., all information in an object must have the same security classification. However, real-world entities are often multilevel. Moreover, different coexistence options for property values at different levels are needed. In this paper we present a model for specifying multilevel entities. The proposed entity model supports different options by which users can specify whether low-level values of entity properties are to be considered valid at higher levels or whether they represent cover stories not valid at higher levels. We then illustrate how entities expressed in this model can be mapped onto single-level objects. We also present a methodology and algorithms to automatically perform such a mapping.
Mandatory security and object-oriented systems : a multilevel entity model and its mapping onto a single-level object model / E. Bertino, E. Ferrari, P. Samarati. - In: THEORY AND PRACTICE OF OBJECT SYSTEMS. - ISSN 1074-3227. - 4:3(1998), pp. 183-204. [10.1002/(SICI)1096-9942(1998)4:3<183::AID-TAPO4>3.0.CO;2-T]
Mandatory security and object-oriented systems : a multilevel entity model and its mapping onto a single-level object model
P. Samarati (last author)
1998