ABSTRACT
In Chapter 5, we introduced military security policies, which are primarily concerned with controlling the disclosure of classified information. We also introduced commercial security policies, which focus on preserving the integrity (e.g., quality or trustworthiness) of information. In both cases, the policies depend on assigning classification levels-either security levels or integrity levels, as appropriate-to both subjects and objects; access-control decisions are then based in part on the relationships among those levels.
