@InProceedings{LMZ_FAST_2004,
   Author    = "Peng Li and Yun Mao and Steve Zdancewic",
   Title     = "{Information Integrity Policies}",
   Booktitle = "Proceedings of the First Workshop on Formal Aspects in Security and Trust (FAST)",
   address   = "Pisa, Italy",
   Month     = "September",
   Year      = 2003
}

Abstract:

Information integrity policies are traditionally enforced by access control mechanisms that prevent unauthorized users from modifying data. However, access control does not provide end-to-end assurance of integrity. For that reason, integrity guarantees in the form of noninterference assertions have been proposed. Despite the appeals of such information-flow based approaches to integrity, that solution is also unsatisfactory because it leads to a weaker notion of integrity than needed in practice. This paper attempts to clarify integrity policies by comparing and contrasting access control vs. information flow, integrity vs. confidentiality policies, and integrity vs. availability policies. The paper also examines data invariants as a way to strengthen integrity. The result is a better classification of information-integrity policies.