Lipner's Integrity Policy
Lipner's Integrity Policy enforces strict guidelines to maintain data integrity within systems. It establishes a separation of duties, ensuring users utilize existing programs rather than developing their own, while programmers avoid testing programs using production data. Updates to production systems require a controlled and audited process. Users and data are labeled with security levels and categories, so that ordinary users, developers, system programmers, and managers each have distinct access rights. By adhering to these principles, organizations can uphold data integrity and security across software development and production environments.
Presentation Transcript
Lipner’s Integrity Policy
• Practice
  • Separation of duty:
    • Users will not write their own programs, but will use existing production programs and databases
    • If a program needs to be added, follow controlled/audited process
  • Separation of function
    • Programmers will not develop and test programs on production data
    • If production data is needed, follow controlled/audited process
  • Auditing
    • Controlled/audited process for updating code on production system
Lipner’s Integrity Policy
• Security Levels
  • Audit: AM
    • Audit/management functions
  • System Low: SL
    • Everything else
• Categories
  • Development (D)
  • Production Code (PC)
  • Production Data (PD)
  • System Development (SD)
  • Software Tools (T)
• Follow BLP+Lattice access rules, but on integrity levels
Lipner’s Integrity Policy
• Users:
  • Ordinary (SL,{PC, PD})
  • Developers (SL,{D,T})
  • System Programmers (SL,{SD, T})
  • Managers (AM,{D,PC,PD,SD,T})
  • Controllers (SL,{D,PC,PD,SD,T})
• Objects
  • Development code/data (SL,{D,T})
  • Production code (SL,{PC})
  • Production data (SL,{PC,PD})
  • Tools (SL,{T})
  • System Programs (SL,)
  • System Program update (SL,{SD,T})
  • Logs (AM, {…})
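
The labels above, run through the lattice rules, as an added example that is not part of the original slides. It assumes "BLP+Lattice access rules" means the simple security property (read only what you dominate) and the *-property (write only what dominates you); the dictionary keys and function names are illustrative, and System Programs and Logs are left out because their category sets are not legible on the slide.

```python
# Added example: BLP lattice rules applied to the slide's user/object labels.
LEVELS = {"SL": 0, "AM": 1}  # System Low is below Audit/Management

def label(level, cats):
    """Build a (level, category-set) label from the slide's notation."""
    return (LEVELS[level], frozenset(cats.split()))

def dominates(a, b):
    """a dominates b: level(a) >= level(b) and cats(a) is a superset of cats(b)."""
    return a[0] >= b[0] and a[1] >= b[1]

def can_read(subject, obj):
    return dominates(subject, obj)   # simple security property: no read up

def can_write(subject, obj):
    return dominates(obj, subject)   # *-property: no write down

SUBJECTS = {
    "ordinary": label("SL", "PC PD"),
    "developer": label("SL", "D T"),
    "system_programmer": label("SL", "SD T"),
    "manager": label("AM", "D PC PD SD T"),
    "controller": label("SL", "D PC PD SD T"),
}
OBJECTS = {
    "development": label("SL", "D T"),
    "production_code": label("SL", "PC"),
    "production_data": label("SL", "PC PD"),
    "tools": label("SL", "T"),
    "system_program_update": label("SL", "SD T"),
}

def access_matrix():
    """Map (subject, object) to 'rw', 'r', 'w' or '' under the two rules."""
    return {
        (s, o): ("r" if can_read(sl, ol) else "") + ("w" if can_write(sl, ol) else "")
        for s, sl in SUBJECTS.items() for o, ol in OBJECTS.items()
    }

def writers(obj):
    """Subjects allowed to write the named object."""
    return [s for s, sl in SUBJECTS.items() if can_write(sl, OBJECTS[obj])]

if __name__ == "__main__":
    m = access_matrix()
    for s in SUBJECTS:
        print(s, {o: m[s, o] or "-" for o in OBJECTS})
    print("writers of production_code:", writers("production_code"))
```

Under these two rules no listed subject can write production code, which matches the slides sending every production update through the controlled, audited process.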