Journal of International Information Management


Security and integrity are frequently competing characteristics in an information system. Sectirity implies that a user can only access a specific subset of the information in the system, namely that information which the user has permission to access. Integrity implies that the information is "correct", i.e., that it satisfies the constraints, rules and conditions contained in the information system. A problem arises when a user who is unable to access certain information because of security restrictions, is left with an "incorrect" or inconsistent view of the information system. In this paper we define an information organizational structure and policy which permits security and integrity to co-exist. Our approach, called the xKB approach, specifies an area of the information system for those objects which meet the integrity requirements for a particular user but not the integrity constraints of the information system as a whole. Earlier versions and components of our approach are described in [Steinke, 1991]. Section 2 provides an example of the problem of providing security and maintaining integrity. Section 3 reviews past approaches to the problem and section 4 describes the xKB approach to solving the conflict between security and integrity. Section 5 provides a summary. Comments on the implementation of the xKB approach are found in section 6.