|
|
|
Nash and Poland discuss realistic situations in which mechanisms are unable to enforce the principle of separation of duty [742]. Other studies of this principle include its use in role-based access control [600, 928], databases [782], and multilevel security [363]. Notargiacomo, Blaustein, and McCollum [781] present a generalization of Clark-Wilson suitable for trusted database management systems that includes dynamic separation of duty.
Integrity requirements arise in many contexts. Saltman [863] provides an informative survey of the requirements for secure electronic voting. Chaum's classic paper on electronic payment [185] raises issues of confidentiality and shows that integrity and anonymity can coexist. Integrity in databases is crucial to their correctness [46, 334, 418]. The analysis of trust in software is also an issue of integrity [23, 730].
Chalmers compares commercial policies with governmental ones [177]. Lee [619] discusses an alternative to Lipner's use of mandatory access controls for implementing commercial policies.
|
|
|
| Top |