Proposes a probabilistic type of measure theory which estimates the amount of security-relevant information in every subset of a given aggregate. This probabilistic measure theory provides each application with a means or mechanism to furnish the system with a numerical measure that assists the system security officer in making decisions on releasing or downgrading the internal data of the aggregate. A scenario for solving the aggregation problems during the design phase is proposed. In developing this work, two guiding principles are applied: the Minimum Aggregation Principle (MAP) and the Maximum Protection Principle (MPP). MAP keeps both the number of elements in an aggregation and the number of aggregates to a minimum, while MPP keeps unnecessary risks to a minimum.