accountability
play

Accountability Daniel Bosk Department of Information and - PowerPoint PPT Presentation

Aug 23, 2022 •596 likes •915 views

Book-Keeping Logging References Accountability Daniel Bosk Department of Information and Communication Systems, Mid Sweden University, SE-851 70 Sundsvall. 14th May 2018 Daniel Bosk MIUN IKS Accountability 1 Book-Keeping Logging

  1. Book-Keeping Logging References Accountability Daniel Bosk Department of Information and Communication Systems, Mid Sweden University, SE-851 70 Sundsvall. 14th May 2018 Daniel Bosk MIUN IKS Accountability 1

  2. Book-Keeping Logging References 1 Book-Keeping Double-Entry Book-Keeping Separation of Duties Clark-Wilson Security Policy Model 2 Logging Securing Logging Mechanisms Schneier-Kelsey Logs Daniel Bosk MIUN IKS Accountability 2

  3. Book-Keeping Logging References 1 Book-Keeping Double-Entry Book-Keeping Separation of Duties Clark-Wilson Security Policy Model 2 Logging Securing Logging Mechanisms Schneier-Kelsey Logs Daniel Bosk MIUN IKS Accountability 3

  4. Book-Keeping Logging References Double-Entry Book-Keeping The banks are one of the oldest institutions with a need for strict accountability. The main tools developed for this purpose is double-entry book-keeping. Daniel Bosk MIUN IKS Accountability 4

  5. Book-Keeping Logging References Double-Entry Book-Keeping Definition (Double-entry book-keeping) Add one entry of x and one of − x . Invariant of zero ( x + ( − x ) = 0). Example All books should be balanced. A transfer from one account to another must be a credit in one account and a debit in the other. I.e. when adding them up they equal zero. Daniel Bosk MIUN IKS Accountability 5

  6. Book-Keeping Logging References Double-Entry Book-Keeping This principle of keeping a balance of constant zero can be tranferred to other principles. E.g. for each log-in there should be a log-out. If the difference of number of log-ins L i for a user and the number of log-outs L o is zero ( L i − L o = 0), then the user is not currently logged-in. Hence, the user shouldn’t be able to post a comment when the system is in this state. Daniel Bosk MIUN IKS Accountability 6

  7. Book-Keeping Logging References Double-Entry Book-Keeping Note Note that you shouldn’t use the book-keeping system to keep track of whether a user is logged-in or not. You can use more efficient mechanisms for that. But the account should be kept for future reference, in case something bad happens, then you should be able to see what really happened. Daniel Bosk MIUN IKS Accountability 7

  8. Book-Keeping Logging References Separation of Duties Definition (Separation of duties) Two or more entities must collude to break the policy. Two classes: dual control and functional separation . Daniel Bosk MIUN IKS Accountability 8

  9. Book-Keeping Logging References Separation of Duties Example (Dual control) Two or more staff members must act together to authorize a transaction. Example (Dual control on film) Two guys in a nuclear weapons silo. Two keys too far from each other for one to turn simultaneously. Both staffers must agree to turn the keys. Daniel Bosk MIUN IKS Accountability 9

  10. Book-Keeping Logging References Separation of Duties Example (Dual control) Two or more staff members must act together to authorize a transaction. Example (Dual control on film) Two guys in a nuclear weapons silo. Two keys too far from each other for one to turn simultaneously. Both staffers must agree to turn the keys. Daniel Bosk MIUN IKS Accountability 9

  11. Book-Keeping Logging References Separation of Duties Example (Functional separation) Two or more staff members must act on the transaction at different points in the transaction path. Example (Functional separation) Developer team writes the code. System administrators deploy it. Auditors verifies security. Daniel Bosk MIUN IKS Accountability 10

  12. Book-Keeping Logging References Separation of Duties Example (Functional separation) Two or more staff members must act on the transaction at different points in the transaction path. Example (Functional separation) Developer team writes the code. System administrators deploy it. Auditors verifies security. Daniel Bosk MIUN IKS Accountability 10

  13. Book-Keeping Logging References Clark-Wilson Security Policy Model The Clark-Wilson Security Policy Model is a model for securely implementing a security policy. It ensures internal consistency , i.e. properties of the internal state of the system. It also allows for external consistency , i.e. the relation of the internal state of the system to the real world. This must however be enforced by e.g. auditing. Daniel Bosk MIUN IKS Accountability 11

  14. Book-Keeping Logging References Clark-Wilson Security Policy Model Mechanisms for enforcing integrity of the system are: Well-formed transactions Separation of duties Definition (Well-formed transactions) A limited set of functions can manipulate an object. Users have access to these functions, not the objects. Daniel Bosk MIUN IKS Accountability 12

  15. Book-Keeping Logging References Clark-Wilson Security Policy Model Mechanisms for enforcing integrity of the system are: Well-formed transactions Separation of duties Definition (Well-formed transactions) A limited set of functions can manipulate an object. Users have access to these functions, not the objects. Daniel Bosk MIUN IKS Accountability 12

  16. Book-Keeping Logging References Clark-Wilson Security Policy Model Requirements 1 Subjects have to be identified and authenticated. 2 Objects can be manipulated only by a restricted set of functions. 3 Subjects can execute only a restricted set of functions. 4 A proper audit log must be maintained. 5 The system has to be certified to work properly. Daniel Bosk MIUN IKS Accountability 13

  17. Book-Keeping Logging References Clark-Wilson Security Policy Model Definition (Unconstrained data item, UDI) Input from outside the system. From outside the control of the system. It can be anything! Definition (Constrained data item, CDI) Objects (data) inside the system. This is under the system’s control. This is well-formed. Daniel Bosk MIUN IKS Accountability 14

  18. Book-Keeping Logging References Clark-Wilson Security Policy Model Definition (Unconstrained data item, UDI) Input from outside the system. From outside the control of the system. It can be anything! Definition (Constrained data item, CDI) Objects (data) inside the system. This is under the system’s control. This is well-formed. Daniel Bosk MIUN IKS Accountability 14

  19. Book-Keeping Logging References Clark-Wilson Security Policy Model Note UDIs must be converted to CDIs. This is a critical part of the system. Daniel Bosk MIUN IKS Accountability 15

  20. Book-Keeping Logging References Clark-Wilson Security Policy Model Definition (Transformation procedure, TP) Procedure which manipulates CDIs. Can take UDI as input, must convert to CDI. Definition (Integrity verification procedure, IVP) Checks the integrity of a CDI. Daniel Bosk MIUN IKS Accountability 16

  21. Book-Keeping Logging References Clark-Wilson Security Policy Model Definition (Transformation procedure, TP) Procedure which manipulates CDIs. Can take UDI as input, must convert to CDI. Definition (Integrity verification procedure, IVP) Checks the integrity of a CDI. Daniel Bosk MIUN IKS Accountability 16

  22. Book-Keeping Logging References Clark-Wilson Security Policy Model Certification rules Should be checked so that the policy is consistent: CR1 IVPs must ensure integrity of CDIs when IVPs are run. CR2 TPs must be certified to be valid; valid CDIs transform into valid CDIs; each TP can access restricted set of CDIs. CR3 Access rules must satisfy separation-of-duties requirements. CR4 All TPs must write to an append-only log. CR5 Any TP handling UDI must convert it to a CDI or reject it. Daniel Bosk MIUN IKS Accountability 17

  23. Book-Keeping Logging References Clark-Wilson Security Policy Model Enforcement rules Describes the mechanisms needed in the system: ER1 Must maintain and protect list of CDIs each TP can access. ER2 Must maintain and protect list of TPs each subject can access. ER3 The system must authenticate each subject requesting to execute a TP. ER4 Only a subject that may certify an access rule for a TP may modify the respective entry in the list. This subject must not be allowed to execute this TP. Daniel Bosk MIUN IKS Accountability 18

  24. Book-Keeping Logging References 1 Book-Keeping Double-Entry Book-Keeping Separation of Duties Clark-Wilson Security Policy Model 2 Logging Securing Logging Mechanisms Schneier-Kelsey Logs Daniel Bosk MIUN IKS Accountability 19

  25. Book-Keeping Logging References Securing Logging Mechanisms Have a process write log messages to a file. Then the running process must access the file. Could be done using append only access, thus no reading or rewriting. Could trust the process to do a setuid(2) system call. This saves us from trusting the user – but only if the user doesn’t have access to the hardware. We could also log to this or another system via syslog(3), this helps us if we don’t trust the user or the process. However, the problem remains with the sysadmin who has superuser access to the system. Daniel Bosk MIUN IKS Accountability 20

  26. Book-Keeping Logging References Securing Logging Mechanisms The sysadmin problem can be solved using a clever setup of separation of duty. E.g. the logs of sysadmin A will be stored under the control of sysadmins B and C . This way sysadmin A can do everything except modify his own logging mechanisms. The downside of this is that all systems must be online for this to work. Daniel Bosk MIUN IKS Accountability 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Office of Accountability September 20, 2011 Office of Accountability Superintendent Office of

Office of Accountability September 20, 2011 Office of Accountability Superintendent Office of

Office of Accountability September 20, 2011 Office of Accountability Superintendent Office of Accountability 2011-2012 Organizational Chart Ron Rode Supervising Executive Director Administrative Assistant II Office of Accountability

724 views • 14 slides
Framework for a Next- Generation Accountability System 01 Accountability design components 02

Framework for a Next- Generation Accountability System 01 Accountability design components 02

Framework for a Next- Generation Accountability System 01 Accountability design components 02 Relative component accountability percentile 03 Criterion referenced component target AGENDA setting 04 Use of subgroup data for

557 views • 13 slides
Update for the new Accountability System Monica Daniels M.S., Accountability Assistant Executive

Update for the new Accountability System Monica Daniels M.S., Accountability Assistant Executive

Update for the new Accountability System Monica Daniels M.S., Accountability Assistant Executive Director Dr. Michael Tamborski, Accountability Executive Director Dr. Jeanene Barnett, Deputy Superintendent Assessment and Accountability Dr.

211 views • 19 slides
From No Accountability to Accountability. Now. Why Enhancing Public Financial Management Really

From No Accountability to Accountability. Now. Why Enhancing Public Financial Management Really

From No Accountability to Accountability. Now. Why Enhancing Public Financial Management Really Matters Vincent Tophoff IV Seminario Brasileiro de Contabilidade e Custos Aplicados ao Setor Publico Brasilia, October 4-6, 2017 Page 1 IFAC A

361 views • 23 slides
Accountability Circles Initiation and Youth Empowerment Evolution of the Accountability Circles

Accountability Circles Initiation and Youth Empowerment Evolution of the Accountability Circles

Accountability Circles Initiation and Youth Empowerment Evolution of the Accountability Circles The Accountability Circle Process Wisdom Confidence Courage Respect The Circle Space Check-in Conferences and Plans Necklaces

643 views • 8 slides
The Accountability Framework initiative Accelerating progress and improving accountability for

The Accountability Framework initiative Accelerating progress and improving accountability for

The Accountability Framework initiative Accelerating progress and improving accountability for ethical supply chain commitments Jeff Milder, Rainforest Alliance June 13, 2019 Companies have committed to eliminating deforestation and human

647 views • 9 slides
Accountability Standard Setting ANN-MICHELLE NEAL, ED.S ACCOUNTABILITY SPECIALIST UTAH STATE

Accountability Standard Setting ANN-MICHELLE NEAL, ED.S ACCOUNTABILITY SPECIALIST UTAH STATE

Utah School Accountability Standard Setting ANN-MICHELLE NEAL, ED.S ACCOUNTABILITY SPECIALIST UTAH STATE BOARD OF EDUCATION History of Accountability in Utah School Grading School Grading Accountability Accountability Accountability

614 views • 25 slides
Presentation September 24, 2019 Accountability Committee Accountability Updates: Notices of

Presentation September 24, 2019 Accountability Committee Accountability Updates: Notices of

Accountability Presentation September 24, 2019 Accountability Committee Accountability Updates: Notices of Non-Compliance Notices of Non-Compliance, Level 2 Better Choice Foundation, Mary D. Coghill Charter School Notice of

164 views • 14 slides
ASSURANCE AND ACCOUNTABILITY ASSURANCE AND ACCOUNTABILITY GENERAL INFO / ANNOUNCEMENTS

ASSURANCE AND ACCOUNTABILITY ASSURANCE AND ACCOUNTABILITY GENERAL INFO / ANNOUNCEMENTS

ADVANCED COMPUTER SECURITY ASSURANCE AND ACCOUNTABILITY ASSURANCE AND ACCOUNTABILITY GENERAL INFO / ANNOUNCEMENTS Reminder : read and post response to Enforceable Security Policies by tomorrow afternoon. Please send me your talk

524 views • 41 slides
Accountability Literacy Project Accountable leadership: Mechanisms for empowering all

Accountability Literacy Project Accountable leadership: Mechanisms for empowering all

Accountability Literacy Project Accountable leadership: Mechanisms for empowering all stakeholders in health responses About AAI Define Accountability 1 2 minutes Working alone please write a definition of accountability in your own words

305 views • 15 slides
Accountability Commission January 2016 Agenda Objec&ves

Accountability Commission January 2016 Agenda Objec&ves

Accountability Commission January 2016 Agenda Objec&ves Purpose of Accountability Louisianas Accountability System: - Establish goals and report

600 views • 21 slides
Accountability Policy Advisory Committee Texas Education Agency | Governance & Accountability

Accountability Policy Advisory Committee Texas Education Agency | Governance & Accountability

2021 Accountability Accountability Policy Advisory Committee Texas Education Agency | Governance & Accountability | Performance Reporting Thank you in advance for muting your mic. Meeting TEXAS EDUCATION AGENCY GOVERNANCE &

360 views • 23 slides
Indiana Student Centered A-F Accountability System WHY THE CHANGE? The NEW A-F accountability

Indiana Student Centered A-F Accountability System WHY THE CHANGE? The NEW A-F accountability

Indiana Student Centered A-F Accountability System WHY THE CHANGE? The NEW A-F accountability system: Less complex Simpler scoring (1-100 scale) Simplified growth calculations (values table) Values BOTH individual growth AND

507 views • 36 slides
Student Growth in Accountability: A Colorado Perspective Marie Huchton, Supervisor of

Student Growth in Accountability: A Colorado Perspective Marie Huchton, Supervisor of

Student Growth in Accountability: A Colorado Perspective Marie Huchton, Supervisor of Accountability Analytics June 2019 1 Origins of Growth & State Accountability in Colorado 2 Historical Context The No Child Left Behind Act (NCLB) of

386 views • 23 slides
CCWG-Accountability WorkStream 2 Update to ccNSO Jordan Carter (.nz) ICANN 59 28 June 2017 |

CCWG-Accountability WorkStream 2 Update to ccNSO Jordan Carter (.nz) ICANN 59 28 June 2017 |

CCWG-Accountability WorkStream 2 Update to ccNSO Jordan Carter (.nz) ICANN 59 28 June 2017 | 1 Sub-group progress Transparency Guidelines for Good Faith SO/AC Accountability Human Rights Staff Accountability Diversity Ombuds Office

323 views • 21 slides
Accountability In Higher Education: Dj Vu All Over Again Richard J. Shavelson

Accountability In Higher Education: Dj Vu All Over Again Richard J. Shavelson

Accountability In Higher Education: Dj Vu All Over Again Richard J. Shavelson CRESST/Stanford University The Demand For Accountability New York State Education Department plans to evaluate public and private colleges publishing a

494 views • 11 slides
GRADUATE DIPLOMA IN MANAGEMENT XXX GDM 401 - MANAGEMENT FUNDAMENTALS XXX Instructions to

GRADUATE DIPLOMA IN MANAGEMENT XXX GDM 401 - MANAGEMENT FUNDAMENTALS XXX Instructions to

GRADUATE DIPLOMA IN MANAGEMENT XXX GDM 401 - MANAGEMENT FUNDAMENTALS XXX Instructions to candidates: You are allowed three (3) hours to answer this question paper. You are allowed 10 minutes reading time before the examination begins during

157 views • 4 slides
EECS 750: Advanced Operating Systems 01/31 /2014 Heechul Yun Administrative Next summary

EECS 750: Advanced Operating Systems 01/31 /2014 Heechul Yun Administrative Next summary

EECS 750: Advanced Operating Systems 01/31 /2014 Heechul Yun Administrative Next summary assignment due by 11:59 p.m., Sunday Improving Performance Isolation on Chip Multiprocessors via an Operating System Scheduler, PACT07

344 views • 22 slides
Don't Lose Sight of the Extended Enterprise Rod Rasmussen President/CTO Internet Identity

Don't Lose Sight of the Extended Enterprise Rod Rasmussen President/CTO Internet Identity

Don't Lose Sight of the Extended Enterprise Rod Rasmussen President/CTO Internet Identity 2011 Annual FIRST Conference Vienna, Austria Presenter: Rod Rasmussen Rod.Rasmussen<at>InternetIdentity.com President & CTO

704 views • 44 slides
Presentation on Far East Hospitality Trust August 2020 Important Notice Information contained

Presentation on Far East Hospitality Trust August 2020 Important Notice Information contained

Presentation on Far East Hospitality Trust August 2020 Important Notice Information contained in this presentation is intended solely for your personal reference and is strictly confidential. The information and opinions in this presentation are

718 views • 32 slides
Bringing Blockchain to Global Enterprise Ben Taylor, CEO, LedgerDomain Orange County ACM Chapter

Bringing Blockchain to Global Enterprise Ben Taylor, CEO, LedgerDomain Orange County ACM Chapter

Bringing Blockchain to Global Enterprise Ben Taylor, CEO, LedgerDomain Orange County ACM Chapter July 18, 2018 Blockchain: Hyped and Ridiculed How Bitcoins Get Transferred So What Have We Learned from Bitcoin? Human progress is anchoring

1.1k views • 22 slides
Data Development for Regional Policy Analysis David Roland-Holst UC Berkeley ASEM/DRC Workshop

Data Development for Regional Policy Analysis David Roland-Holst UC Berkeley ASEM/DRC Workshop

Data Development for Regional Policy Analysis David Roland-Holst UC Berkeley ASEM/DRC Workshop on Capacity for Regional Research on Poverty and Inequality in China Monday-Tuesday, March 27-28, 2006 Contents 1. Introduction 2. What is a

623 views • 49 slides
33:010:458 33:010:458 A Accounting Information Accounting Information A ntin ntin Inf rm ti

33:010:458 33:010:458 A Accounting Information Accounting Information A ntin ntin Inf rm ti

33:010:458 33:010:458 A Accounting Information Accounting Information A ntin ntin Inf rm ti n Inf rm ti n Systems Systems y Dr. Peter R. Gillett Dr. Peter R. Gillett Associate Professor Department of Accounting, Business Ethics and

930 views • 48 slides
Welcome to: FNSACC402 Prepare Operational Budgets Lisa Genna lisa.genna2@tafensw.edu.au Monday

Welcome to: FNSACC402 Prepare Operational Budgets Lisa Genna lisa.genna2@tafensw.edu.au Monday

Welcome to: FNSACC402 Prepare Operational Budgets Lisa Genna lisa.genna2@tafensw.edu.au Monday Room H.G.11 6:00 pm to 9:00 pm AMEG House Rules Be punctual (teacher included!) Come to every class (if possible)

659 views • 42 slides

More recommend