600.436
High-Assurance Systems
Fall 01/Introduction
19
Limitations on Security Policies
¨If it cannot be enforced, it’s a fantasy, not a
policy!
¨Unenforceable:
–Prevent disclosure of sensitive information to
unauthorized users
¨(Possibly) Enforceable:
–Ensure that all information flows only to (or from)
authorized programs.
–Ensure that all disclosure of information to entities
outside the control of the system
(including users and their agents) is via trusted software.
–Ensure that when information crosses a multiplexed
protection boundary, it does so via trusted software
–Where “trusted software” means: “has been verified to
comply with the applicable provisions of
the security policy.”