The following HTML text is provided to enhance online
readability. Many aspects of typography translate only awkwardly to HTML.
Please use the page image
as the authoritative form to ensure accuracy.
Computers at Risk: Safe Computing in the Information Age
Administratively directed access control (ADAC)
Access control in which administrators control who can access which objects. Contrast with user-directed access control (UDAC). See Mandatory access control.
Confidence that a system design meets its requirements, or that its implementation meets its specification, or that some specific property is satisfied.
The process of making and keeping the records necessary to support accountability. See Audit trail analysis.
The results of monitoring each operation of subjects on objects; for example, an audit trail might be a record of all actions taken on a particularly sensitive file.
Audit trail analysis
Examination of an audit trail, either manually or automatically, possibly in real time (Lunt, 1988).
Providing assurance regarding the identity of a subject or object, for example, ensuring that a particular user is who he claims to be.
A sequence used to authenticate the identity of a subject or object.
Determining whether a subject (a user or system) is trusted to act for a given purpose, for example, allowed to read a particular file.
The property that a given resource will be usable during a given time period.
Bell and La Padula model
An information-flow security model couched in terms of subjects and objects and based on the concept that information shall not flow to an object of lesser or noncomparable classification (Bell and La Padula, 1976).