A Formal Framework for Security Policy Specification and Implementation

摘要

In information systems, security policies are used to specify various security requirements, and the guarantee of these requirements can be obtained by implementing the security policies efficiently and consistently. Therefore, specification and implemen-tation of security policies are of great importance to information system security. In this paper, we propose a formal security policy framework, allowing to specify diverse security policies, together with a description of implementation of security policies, which can enhance the efficiency and security of the information system. As an example, we show how the proposed model can be used to specify and implement the Bell and LaPadula policies.