The authors first describe some issues that arise from theninterplay between the security requirements for an integrated projectnsupport environment (IPSE) for the development of a trusted system, andnthe security requirements of the trusted system itself. All of thesenissues derive from security policy and the modeling of security policy.nA framework is then presented which allows security policies to benexpressed in the context of the enterprise whose needs the trustednsystem is intended to serve. Finally some possible applications of thenframework are used to indicate how security policies affect designndecision-making, security policy conflict detection, and security risknevaluation
展开▼