Advertisement

Is there a need for new information security models?

  • S. A. Kokolakis
Chapter
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT)

Abstract

A considerable number of formal information security models have been developed during the last two decades. We present and discuss some of the most widespread ones that have been successfully applied to the traditional, centralised Information Systems of the past. We show the special security needs of modern information systems that are based on the concepts of Open Distributed Processing, the Object-oriented paradigm and multimedia technology. We argue that these Information Systems need new or enhanced information security models in order to address the information security issue effectively and present some efforts towards this goal

Keywords

Information Security Information Systems Security Formal Information Security Models. 

References

  1. Bell, D.E. (1988) Concerning “Modelling” of Computer Security. In proceedings of 1988 IEEE Symposium on Security and Privacy.Google Scholar
  2. Boulahia-Cuppens, N., Cuppens, F, Gabillon, A. and Yazdanian, K. (1993) Multilevel Security in Object-Oriented Databases. In Security for Object-Oriented Systema (eds. B. Thuraisingham, K. Sandhu and T.C. Ting), proceedings of the OOPSLA-93 Conference Workshop on Security for Object-Oriented Systems, Springel-Verlag.Google Scholar
  3. Brewer, D.F.C. and Nash, M.J. (1989) The Chinese Wall Security Policy. In proceedings of the 1989 IEEE Symposium on Security and Privacy.Google Scholar
  4. Clark, D.D. and Wilson, D.R. (1987) A comparison of Commercial and Military Computer Security Policies. In proceedings of the 1987 IEEE Symposium on Security and PrivacyGoogle Scholar
  5. Commission of the European Communities (1993) Glossary of Information Systems Security, contract S2001, Definitions Within Information Systems Security.Google Scholar
  6. Gritzalis, D (1994) Information Security in Dependable Systems. PhD Thesis, University of Aegean, Greece, April 1994.Google Scholar
  7. Kang, M.H., Costich, O. and Froscher, J.N. (1993) Using Object Modeling Techniques to Design MLS Data Models. In Security for Object-Oriented Systema (eds. B. Thuraisingham, K. Sandhu and T.C. Ting), proceedings of the OOPSLA-93 Conference Workshop on Security for Object-Oriented Systems, Springel-Verlag.Google Scholar
  8. Kiountouzis, E.A. and Kokolakis,S.A. (1996) An Analyst’s View of IS Security. In proceedings of the 12th International Conference on Information Security IFIP’96, Samos, Greece.Google Scholar
  9. Kuhnhauser, W.E. (1995) On Paradigms for Security Policies in Multipolicy Environments. In Information Security — the Next Decade (eds. Ellof,J. and S. von Solms). Proceedings of the 11th International Conference on Information Security, IFIP’95, Chapman & Hall, London.Google Scholar
  10. Landwehr, C.E. (1981) Formal Models of Computer Security. ACM Computing Surveys vol. 13 (3), 1981.CrossRefGoogle Scholar
  11. Millen, J.K. (1989) Models of Multilevel Computer Security. Advances in Computers vol. 22. Academic Press Inc.Google Scholar
  12. Olivier, M.S. and vonSolms, S.H. (1992) DISCO: A Discretionary Security Model for Object-oriented Databases. In IT Security. the Need for International Cooperation (eds. G.G. Gable and W.J. Caelli). Proceedings of the 8th International Conference on Information Security, IFIP’92, North-Holland.Google Scholar
  13. Parker, D.B. (1995) A New Framework for Information Security to Avoid Information Anarchy. In Information Security — the Next Decade (eds. Ellof,J. and S. von Solms). Proceedings of the 11th International Conference on Information Security, IFIP’95, Chapman & Hall, London.Google Scholar
  14. Rieb, H.P. (1990) Modeling Security in Distributed Systems. In Computer Security and Information Integrity (eds. K. Dittrich, S. Rautakivi and J. Saari), Proceedings of the 7th International Conference on Information Security, IFIP SEC ’80, Elsevier Science Publ., 1991.Google Scholar
  15. Schoderbek, P., Schoderbek, G. and Kefalas, A. (1990) Management Systems. Conceptual Considerations, 4th ed., Irwin, Boston, 1990.Google Scholar
  16. Theimer, M.M., Nichols, D.A. and Terry, D.B. (1992) Delegation Through Access Control Programs. In proceedings of the 12th International Conference on Distributed Systems. IEEE Computer Society Press.Google Scholar

Copyright information

© IFIP International Federation for Information Processing 1996

Authors and Affiliations

  • S. A. Kokolakis
    • 1
  1. 1.Department of InformaticsAthens University of Economics and BusinessAthensGreece

Personalised recommendations