600.436 High-Assurance Systems
Fall 01 / Introduction, slide 19
Limitations on Security Policies
• If it cannot be enforced, it's a fantasy, not a policy!
• Unenforceable:
  – Prevent disclosure of sensitive information to unauthorized users. (Once information reaches a user, or anything else outside the system, the system has no way to control where it goes next, so it cannot enforce this.)
• (Possibly) Enforceable:
  – Ensure that all information flows only to (or from) authorized programs.
  – Ensure that all disclosure of information to entities outside the control of the system (including users and their agents) is via trusted software.
  – Ensure that when information crosses a multiplexed protection boundary (one shared by several subjects), it does so via trusted software.
  – Where "trusted software" means: "has been verified to comply with the applicable provisions of the security policy."
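The following is an added example, not from the lecture slides, of what the "enforceable" formulation looks like when written down as a reference monitor. The two-level label lattice, the `Monitor`, `Program` and `Datum` types, the `declassify` helper and the audit entries are all assumptions constructed for this illustration. The monitor mediates the flows it can see (between programs, and across the system boundary through a trusted exporter) and its authority ends exactly where the slide says enforcement ends: at the entity outside the system.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed two-level label lattice for the example (a real system would use
# a richer one); "sensitive" may never flow to a subject cleared only for "public".
LEVELS = {"public": 0, "sensitive": 1}


def dominates(a: str, b: str) -> bool:
    """True if label a is at least as restrictive as label b."""
    return LEVELS[a] >= LEVELS[b]


@dataclass(frozen=True)
class Datum:
    content: str
    label: str


@dataclass
class Program:
    """A subject inside the system. `trusted` stands for 'verified to comply with
    the applicable provisions of the policy'; the monitor relies on that verification."""
    name: str
    clearance: str        # most restrictive label the program may receive
    trusted: bool = False


class FlowViolation(Exception):
    pass


class Monitor:
    """Reference monitor. Every transfer between programs and every crossing of the
    system boundary is routed through it, which is what makes the two rules below
    enforceable. What happens on the far side of the boundary is not mediated."""

    def __init__(self) -> None:
        self.audit: list[tuple[str, str, str, str]] = []

    def transfer(self, src: Program, datum: Datum, dst: Program) -> Datum:
        """Rule 1: information flows only to programs authorized for its label."""
        if not dominates(dst.clearance, datum.label):
            self.audit.append(("deny", src.name, dst.name, datum.label))
            raise FlowViolation(f"{datum.label} data may not flow {src.name} -> {dst.name}")
        self.audit.append(("allow", src.name, dst.name, datum.label))
        return datum

    def export(self, src: Program, datum: Datum, sink: str) -> str:
        """Rule 2: disclosure to an entity outside the system's control (a user, a
        network peer) only via trusted software, and only of data that trusted
        software has already lowered to the public label."""
        if not src.trusted:
            self.audit.append(("deny-export", src.name, sink, datum.label))
            raise FlowViolation(f"untrusted program {src.name} may not export")
        if not dominates("public", datum.label):
            self.audit.append(("deny-export", src.name, sink, datum.label))
            raise FlowViolation("trusted exporter must declassify before export")
        self.audit.append(("export", src.name, sink, datum.label))
        # Past this return the monitor has no authority. Whether `sink` forwards the
        # bytes to someone unauthorized is exactly the slide's "unenforceable" case.
        return datum.content


def declassify(exporter: Program, datum: Datum, summarize: Callable[[str], str]) -> Datum:
    """Only trusted software may lower a label. The monitor cannot check that
    `summarize` leaks nothing; that is what verification of the exporter is for."""
    if not exporter.trusted:
        raise FlowViolation(f"{exporter.name} is not trusted to declassify")
    return Datum(content=summarize(datum.content), label="public")


def scenario() -> list[tuple[str, str, str, str]]:
    """Constructed walk-through; returns the monitor's audit trail."""
    m = Monitor()
    payroll = Program("payroll", clearance="sensitive")
    report = Program("report-gen", clearance="sensitive", trusted=True)
    dashboard = Program("dashboard", clearance="public")
    salaries = Datum("alice:120000;bob:95000", "sensitive")   # constructed sample data

    m.transfer(payroll, salaries, report)            # allowed: report-gen is cleared
    for attempt in (lambda: m.transfer(payroll, salaries, dashboard),   # public-only subject
                    lambda: m.export(payroll, salaries, "user:alice")):  # untrusted exporter
        try:
            attempt()
        except FlowViolation:
            pass
    # The verified exporter reduces the data to an aggregate and releases only that.
    headcount = declassify(report, salaries, lambda s: f"headcount:{s.count(';') + 1}")
    m.export(report, headcount, "user:alice")
    return m.audit


if __name__ == "__main__":
    for entry in scenario():
        print(*entry)
```

Note what the monitor does and does not check: it can decide whether `dashboard` may receive a sensitive datum and whether `payroll` may talk to a user at all, because those flows pass through it. It cannot decide whether `summarize` is a safe declassifier, and it cannot decide what `user:alice` does with "headcount:2"; the first is covered by verifying the exporter (the slide's definition of trusted software), the second is the policy statement the slide calls a fantasy.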