Lipner’s Integrity Policy
• Practice
  • Separation of duty:
    • Users will not write their own programs, but will use existing production programs and databases
    • If a program needs to be added, follow controlled/audited process
  • Separation of function
    • Programmers will not develop and test programs on production data
    • If production data is needed, follow controlled/audited process
  • Auditing
    • Controlled/audited process for updating code on production system

Lipner’s Integrity Policy
• Security Levels
  • Audit: AM
    • Audit/management functions
  • System Low: SL
    • Everything else
• Categories
  • Development
  • Production Code
  • Production Data
  • System Development
  • Software Tools
• Follow BLP+Lattice access rules, but on integrity levels

Lipner’s Integrity Policy
• Users:
  • Ordinary (SL,{PC, PD})
  • Developers (SL,{D,T})
  • System Programmers (SL,{SD, T})
  • Managers (AM,{D,PC,PD,SD,T})
  • Controllers (SL,{D,PC,PD,SD,T})
• Objects
  • Development code/data (SL,{D,T})
  • Production code (SL,{PC})
  • Production data (SL,{PC,PD})
  • Tools (SL,{T})
  • System Programs (SL,)
  • System Program update (SL,{SD,T})
  • Logs (AM, {…})
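
The labels above, run through the BLP lattice rules (read when the subject's label dominates the object's, write when the object's label dominates the subject's), as an added example that is not part of the original slides. Assumptions: System Programs is given an empty category set, and Logs is left out because its category set is elided on the slide.

```python
# Added example: levels and labels copied from the slides; AM sits above SL.
LEVEL = {"SL": 0, "AM": 1}

SUBJECTS = {
    "Ordinary":           ("SL", {"PC", "PD"}),
    "Developers":         ("SL", {"D", "T"}),
    "System Programmers": ("SL", {"SD", "T"}),
    "Managers":           ("AM", {"D", "PC", "PD", "SD", "T"}),
    "Controllers":        ("SL", {"D", "PC", "PD", "SD", "T"}),
}
OBJECTS = {
    "Development code/data": ("SL", {"D", "T"}),
    "Production code":       ("SL", {"PC"}),
    "Production data":       ("SL", {"PC", "PD"}),
    "Tools":                 ("SL", {"T"}),
    "System Programs":       ("SL", set()),  # assumption: empty category set
    "System Program update": ("SL", {"SD", "T"}),
}

def dominates(a, b):
    """(La, Ca) dom (Lb, Cb) iff La >= Lb and Cb is a subset of Ca."""
    return LEVEL[a[0]] >= LEVEL[b[0]] and b[1] <= a[1]

def can_read(subject, obj):
    # Simple security condition: subject label dominates object label.
    return dominates(SUBJECTS[subject], OBJECTS[obj])

def can_write(subject, obj):
    # *-property: object label dominates subject label.
    return dominates(OBJECTS[obj], SUBJECTS[subject])

def access_matrix():
    """Map (subject, object) to 'rw', 'r-', '-w' or '--'."""
    return {
        (s, o): ("r" if can_read(s, o) else "-") + ("w" if can_write(s, o) else "-")
        for s in SUBJECTS for o in OBJECTS
    }

if __name__ == "__main__":
    for (s, o), mode in access_matrix().items():
        print(f"{s:20} {o:24} {mode}")
```

The resulting matrix shows the practice rules from the first slide falling out of the labels: ordinary users can read production code but not change it, and developers cannot reach production data at all.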