Simultaneous enforcement of the Bell-LaPadula and the Biba security policy models in an OSI-distributed system

Author

Verschuren, Jan ; Govaerts, René ; Vandewalle, Joos

Author_Institution

TNO, Delft, Netherlands

fYear

1992

fDate

16-20 Nov 1992

Firstpage

257

Abstract

The article concentrates on enforcing security policies on a distributed basis. More specifically, the Biba and the B-LP security policies are addressed. Key-distributions are analysed which are in conformance with the two policies. It turned out that the Biba and the B-LP models can be enforced if the OSI-RM communication subsystem of each end-system is equipped with one key-pair of a public key system (PKS). If no end-system were broken, then the key-pair in every end-system may be the same. In that case however, the consequences of breaking an end-system are disastrous. A key-distribution where each end-system is equipped with a (different) key-pair is much more resistant against breaking an end-system: in that case the consequences of breaking an end-system can be as limited as possible. Besides, the latter key-distribution enables identification and exclusion of the broken end-system. Consequently, the other end-systems can go on communicating according to their respective security policies as they did before

Keywords

computer networks; distributed processing; open systems; public key cryptography; security of data; Bell-LaPadula security policy; Biba security policy; OSI-RM communication subsystem; OSI-distributed system; broken end-system; computer networks; end-system; key-distribution; key-pair; public key system; security policy enforcement; Application software; Buildings; Communication system security; Computer networks; Computer security; Data security; Information security; Open systems; Public key; Vocabulary;

fLanguage

English

Publisher

ieee

Conference_Titel

Singapore ICCS/ISITA '92. 'Communications on the Move'

Print_ISBN

0-7803-0803-4

Type

conf

DOI

10.1109/ICCS.1992.254992

Filename

254992