l-HE ENFORCEMENT OF SECURin POLICIES FOR COMPUTATION

Security policies define how information within a computer system is to be used. Protection mechanisms are built into these systems to enforce security policies. However, in mort systems it is quite unclear what policies a particular mechanism can or does enforce. This paper prscisely defines security policies and protection mechanisms in order to bridge the gap between them with the concept of soundness: whether a protection mechanism enforces a specific policy for a given program. Different sound protection .nechanlsms for the s,ame policy and program can ther be compared (on the basi^ of comoleteness) to determine if one outperforms the othersr Wa also show that yh^ union A. of mechanisms for the same policy and program car. be taken to produce a more complete mechanism^ Although a maximal mechanism exiats it cannot necessarily be effectively found. In addition LO developing a theoretical framework in which to discuss security jrffc introdtict Äe surveillance protection mechanism awJ shew burli / A that it is sound and that it is more complete than tne commonly used high water mark mechanism.