Submitted by: Submitted by hend1977
Views: 229
Words: 651
Pages: 3
Category: Other Topics
Date Submitted: 01/17/2014 05:54 PM
Assignment 1: Information Needs for the AIS Case Study
Hend Anowar
Dr.mohammad
Acc 564 Accounting information system
January, ,2014
Evaluate the level of system security (i.e., high, medium, low) needed to ensure information integrity within automated business systems. Provide support for your evaluation.
The successful design and implementation of secure systems must include security concerns from the beginning. A component that processes data at multiple security levels is critical and must go through additional evaluation to ensure the processing is secure. It is common practice to isolate and separate the processing of data at different levels into different components.
Multi-level security and MILS architecture
Traditionally, the model of a secure system includes the concept of multi-level security (MLS). Given a set of subjects, each with a clearance level, and a set of objects, each with a classification level, the idea behind the MLS concept is that the system will be processing objects at different classification levels, and the access to these objects is restricted, by security policy, to subjects with particular clearance.Classic security models, such as the Bell-LaPadula (BLP) model [6], have been used to specify the secure behavior of such MLS systems. The BLP model requires that
information does not flow downward by imposing the following requirements.The simple security property. A subject is allowed a read access to an object only if the subject’s clearance level is identical to or higher than the object’s classification level.J. Zhou and J. Alves-Foss / Security policy refinement and enforcement 109 .The *-property. A subject is allowed a write access to an object only if the subject’s .clearance level is identical to or lower than the object’s classification level.The problem with full MLS systems is that they must be rigorously analyzed for...