Accounting

Assignment 1: Information Needs for the AIS Case Study

Hend Anowar

Dr.mohammad

Acc 564 Accounting information system

January, ,2014

Evaluate the level of system security (i.e., high, medium, low) needed to ensure information integrity within automated business systems. Provide support for your evaluation.

The successful design and implementation of secure systems must include security concerns from the beginning. A component that processes data at multiple security levels is critical and must go through additional evaluation to ensure the processing is secure. It is common practice to isolate and separate the processing of data at different levels into different components.

Multi-level security and MILS architecture

Traditionally, the model of a secure system includes the concept of multi-level security (MLS). Given a set of subjects, each with a clearance level, and a set of objects, each with a classification level, the idea behind the MLS concept is that the system will be processing objects at different classification levels, and the access to these objects is restricted, by security policy, to subjects with particular clearance.Classic security models, such as the Bell-LaPadula (BLP) model [6], have been used to specify the secure behavior of such MLS systems. The BLP model requires that

information does not flow downward by imposing the following requirements.The simple security property. A subject is allowed a read access to an object only if the subject’s clearance level is identical to or higher than the object’s classification level.J. Zhou and J. Alves-Foss / Security policy refinement and enforcement 109 .The *-property. A subject is allowed a write access to an object only if the subject’s .clearance level is identical to or lower than the object’s classification level.The problem with full MLS systems is that they must be rigorously analyzed for...