|
||||||||||||||||
|
||||||||||||||||
The following HTML text is provided to enhance online readability. Many aspects of typography translate only awkwardly to HTML. Please use the page image as the authoritative form to ensure accuracy. Administratively directed access control (ADAC) Access control in which administrators control who can access which objects. Contrast with user-directed access control (UDAC). See Mandatory access control. Assurance Confidence that a system design meets its requirements, or that its implementation meets its specification, or that some specific property is satisfied. Auditing The process of making and keeping the records necessary to support accountability. See Audit trail analysis. Audit trail The results of monitoring each operation of subjects on objects; for example, an audit trail might be a record of all actions taken on a particularly sensitive file. Audit trail analysis Examination of an audit trail, either manually or automatically, possibly in real time (Lunt, 1988). Authentication Providing assurance regarding the identity of a subject or object, for example, ensuring that a particular user is who he claims to be. Authentication sequence A sequence used to authenticate the identity of a subject or object. Authorization Determining whether a subject (a user or system) is trusted to act for a given purpose, for example, allowed to read a particular file. Availability The property that a given resource will be usable during a given time period. Bell and La Padula model An information-flow security model couched in terms of subjects and objects and based on the concept that information shall not flow to an object of lesser or noncomparable classification (Bell and La Padula, 1976).
|
|
|||||||||||||||
