Key points are not available for this paper at this time.
An examination is made of questions concerning commercial computer security integrity policies. An example is given of a dynamic separation of duty policy which cannot be implemented by mechanisms based on TCSEC based mechanisms alone, yet occurs in the real commercial world and can be implemented efficiently in practice. A commercial computer security product in wide use for ensuring the integrity of financial transactions is presented. It is shown that it implements a well-defined and sensible integrity policy that includes separation of duty, yet fails to meet either the TCSEC or the D.D. Clark and D.R. Wilson (1987) rules.>
Nash et al. (Mon,) studied this question.