Oakland, CA, USA
April 27, 1987 to April 29, 1987
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SP.1987.10001
Most discussions of computer security focus on control of disclosure. In Particular, the U.S. Department of Defense has developed a set of criteria for computer mechanisms to provide control of classified information. However, for that core of data processing concerned with business operation and control of assets, the primary security concern is data integrity. This paper presents a policy for data integrity based on commercial data processing practices, and compares the mechanisms needed for this policy with the mechanisms needed to enforce the lattice model for information security. We argue that a lattice model is not sufficient to characterize integrity policies, and that distinct mechanisms are needed to Control disclosure and to provide integrity.
David D. Clark, David R. Wilson, "A Comparison of Commercial and Military Computer Security Policies", SP, 1987, 1987 IEEE Symposium on Security and Privacy, 1987 IEEE Symposium on Security and Privacy 1987, pp. 184, doi:10.1109/SP.1987.10001