Implementation of a capabilities knowledge base for data integrity

Author

Shimp, James E. ; Filsinger, J.

Author_Institution

E-Systems, St. Petersburg, FL, USA

fYear

1989

fDate

9-12 Apr 1989

Firstpage

283

Abstract

The authors describe an implementation of an integrity-supporting discretionary access control mechanism-the capabilities knowledge base (CKB)-as an extension to the Clark and Wilson model (1987). They advocate using the audit trail to the fullest extent possible, not as just a passive collection of system events, but also as an active resource for solving the division-of-tasks problem that results from separation of duty. They emphasize that CKB can enforce the separation of duty as described in the Clark and Wilson model and therefore adds a measure of protection to information against unauthorized modification. This use of a knowledge base implementation is perceived as the only viable technical solution to the division-of-tasks problem. A high-level design for a CKB in support of data integrity is presented. The current implementation of CKB provides the functionality to import audit events and capability requests to the inferencing mechanism

Keywords

data integrity; expert systems; knowledge based systems; safety systems; security of data; CKB; Clark and Wilson model; audit events; audit trail; capabilities knowledge base; capability requests; data integrity; division-of-tasks problem; inferencing mechanism; information protection; integrity-supporting discretionary access control; separation of duty; unauthorized modification; Certification; Protection; Read only memory;

fLanguage

English

Publisher

ieee

Conference_Titel

Southeastcon '89. Proceedings. Energy and Information Technologies in the Southeast., IEEE

Conference_Location

Columbia, SC

Type

conf

DOI

10.1109/SECON.1989.132375

Filename

132375