Identification, Authentication and Authorization

Information flow models

Authorization is applied to data flows.

  • Considering the data flow source and destination.

  • Goal: avoid unwanted/dangerous information flows.

Src and Dst security-level attributes.

  • Information flows should occur only between entities with given security-level (SL) attributes.

  • Authorization is given based on the SL attributes.

PreviousSegregation of dutiesNextMultilevel security

Last updated