Security Policies

There is no doubt that systems are required to be secure, but what is a secure system?

Policies define what makes a system safe by specifying what is allowed and what is not allowed. A system that is secure according to one policy might just as well be insecure according to another. Policies can be either informal or based on mathematical models. Today we will take a closer look at formal policies.

To understand the models, we will first look at the formal definition of security, for instance how confidentiality and integrity are actually defined. We will cover different kinds of security policies, and for each kind we will also look closer at a specific model. The models covered are:

Download the lecture notes as a PDF. Or, alternatively, download the lecture notes as handouts (6 per page).


Intensive reading: Distributed Systems, 7.2.4


Primary set: -

Secondary set: -