Abstract
Actors in our general framework for secure systems can exert four types of control over other actors’ systems, depending on the temporality (prospective vs. retrospective) of the control and on the power relationship (hierarchical vs. peering) between the actors. We make clear distinctions between security, functionality, trust, and distrust by identifying two orthogonal properties: feedback and assessment. We distinguish four types of system requirements using two more orthogonal properties: strictness and activity. We use our terminology to describe specialized types of secure systems such as access control systems, Clark–Wilson systems, and the Collaboration Oriented Architecture recently proposed by The Jericho Forum.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Thomborson, C. (2010). A Framework for System Security. In: Stavroulakis, P., Stamp, M. (eds) Handbook of Information and Communication Security. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04117-4_1
DOI: https://doi.org/10.1007/978-3-642-04117-4_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04116-7
Online ISBN: 978-3-642-04117-4
eBook Packages: Engineering, Engineering (R0)