Title :
Model of access control policy for civil agencies
Author :
Rogers, Kristina C.
Author_Institution :
Mitre Corp., Bedford, MA, USA
Abstract :
Proposes a general model for access control policy for civil agencies. Different types of sensitive, but unclassified information and the special operational requirements for civil agencies are described. A wide number of systems were reviewed and hundreds of access control requirements were identified. Nevertheless, it was found that the access control rules fell into six general categories of 16 rules. A model for an access control policy is defined that is comprised of entities such as subjects and objects and a set of rules. Then, the model is applied to a sample of IRS security requirements in order to show how the model could be used to express requirements for a real application
Keywords :
access control; government data processing; security of data; Internal Revenue Service; access control policy; civil agencies; operational requirements; rules; security requirements; sensitive information; unclassified information; Access control; Application software; Availability; Computer applications; Computer crime; Computer security; Information security; Lattices; Leg; Personnel;
Conference_Titel :
Computer Security Applications Conference, 1990., Proceedings of the Sixth Annual
Conference_Location :
Tucson, AZ
Print_ISBN :
0-8186-2105-2
DOI :
10.1109/CSAC.1990.143814
