Chapter 13: Design Principles - PowerPoint PPT Presentation


1. Chapter 13: Design Principles
   • Overview
   • Principles
     – Least Privilege
     – Fail-Safe Defaults
     – Economy of Mechanism
     – Complete Mediation
     – Open Design
     – Separation of Privilege
     – Least Common Mechanism
     – Psychological Acceptability
   April 5, 2005, ECS 235, Computer and Information Security, Slide #1

2. Overview
   • Simplicity
     – Less to go wrong
     – Fewer possible inconsistencies
     – Easy to understand
   • Restriction
     – Minimize access
     – Inhibit communication

3. Least Privilege
   • A subject should be given only those privileges necessary to complete its task
     – Function, not identity, controls
     – Rights added as needed, discarded after use
     – Minimal protection domain

4. Fail-Safe Defaults
   • Default action is to deny access
   • If action fails, system as secure as when action began

5. Economy of Mechanism
   • Keep it as simple as possible
     – KISS Principle
   • Simpler means less can go wrong
     – And when errors occur, they are easier to understand and fix
   • Interfaces and interactions

6. Complete Mediation
   • Check every access
   • Usually done once, on first action
     – UNIX: Access checked on open, not checked thereafter
   • If permissions change after, may get unauthorized access
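The two strategies slide 6 contrasts, as an added example that is not part of the original slides: a toy in-memory store with an ACL, one handle that checks the right only at open (the UNIX behaviour the slide describes) and one that re-checks on every read. The names Store, CheckOnceHandle, MediatedHandle and the sample subject p, object f and rights are assumptions for illustration.

```python
# Added example (not from the slides): check-once-at-open versus complete
# mediation. Store/CheckOnceHandle/MediatedHandle and the sample values are
# assumptions for illustration only.
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised when the ACL does not grant the requested right."""


@dataclass
class Store:
    # acl maps (subject, object) -> set of rights; a missing key grants
    # nothing (fail-safe default: an absent entry means deny).
    acl: dict = field(default_factory=dict)
    data: dict = field(default_factory=dict)

    def allowed(self, subject: str, obj: str, right: str) -> bool:
        return right in self.acl.get((subject, obj), set())

    def revoke(self, subject: str, obj: str, right: str) -> None:
        self.acl.get((subject, obj), set()).discard(right)


class CheckOnceHandle:
    """UNIX-style: the right is checked at open() and never again."""

    def __init__(self, store: Store, subject: str, obj: str):
        if not store.allowed(subject, obj, "r"):
            raise AccessDenied(f"{subject} may not read {obj}")
        self.store, self.obj = store, obj

    def read(self) -> str:
        # No check here: a revocation after open() is never noticed.
        return self.store.data[self.obj]


class MediatedHandle:
    """Complete mediation: every read consults the current ACL."""

    def __init__(self, store: Store, subject: str, obj: str):
        self.store, self.subject, self.obj = store, subject, obj

    def read(self) -> str:
        if not self.store.allowed(self.subject, self.obj, "r"):
            raise AccessDenied(f"{self.subject} may not read {self.obj}")
        return self.store.data[self.obj]


def revoke_after_open() -> tuple:
    """Open both handles, revoke p's read right on f, then read again.

    Returns (what the check-once handle returned, what the mediated
    handle did). Subjects, objects and rights are constructed samples.
    """
    store = Store(acl={("p", "f"): {"r", "w", "o"}}, data={"f": "payroll"})
    once = CheckOnceHandle(store, "p", "f")
    mediated = MediatedHandle(store, "p", "f")
    assert once.read() == "payroll" and mediated.read() == "payroll"

    store.revoke("p", "f", "r")  # permissions change after the open

    stale = once.read()  # still succeeds: the only check was at open()
    try:
        mediated.read()
        outcome = "allowed"
    except AccessDenied:
        outcome = "denied"
    return stale, outcome


if __name__ == "__main__":
    print(revoke_after_open())  # ('payroll', 'denied')
```

The check-once handle keeps returning data after the right is revoked, which is exactly the unauthorized access the slide warns about; the mediated handle denies the read as soon as the ACL changes, at the cost of one lookup per access.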

7. Open Design
   • Security should not depend on secrecy of design or implementation
     – Popularly misunderstood to mean that source code should be public
     – “Security through obscurity”
     – Does not apply to information such as passwords or cryptographic keys

8. Separation of Privilege
   • Require multiple conditions to grant privilege
     – Separation of duty
     – Defense in depth

9. Least Common Mechanism
   • Mechanisms should not be shared
     – Information can flow along shared channels
     – Covert channels
   • Isolation
     – Virtual machines
     – Sandboxes

10. Psychological Acceptability
   • Security mechanisms should not add to difficulty of accessing resource
     – Hide complexity introduced by security mechanisms
     – Ease of installation, configuration, use
     – Human factors critical here

11. Key Points
   • Principles of secure design underlie all security-related mechanisms
   • Require:
     – Good understanding of goal of mechanism and environment in which it is to be used
     – Careful analysis and design
     – Careful implementation

12. Chapter 2: Access Control Matrix
   • Overview
   • Access Control Matrix Model
     – Boolean Expression Evaluation
     – History
   • Protection State Transitions
     – Commands
     – Conditional Commands
   • Special Rights
     – Principle of Attenuation of Privilege

13. Overview
   • Protection state of system
     – Describes current settings, values of system relevant to protection
   • Access control matrix
     – Describes protection state precisely
     – Matrix describing rights of subjects
     – State transitions change elements of matrix

14. Description
   • Subjects S = { s_1, …, s_n }
   • Objects O = { o_1, …, o_m }
   • Rights R = { r_1, …, r_k }
   • Entries A[s_i, o_j] ⊆ R
   • A[s_i, o_j] = { r_x, …, r_y } means subject s_i has rights r_x, …, r_y over object o_j
   [Figure: the matrix A, with the objects (entities) o_1 … o_m, s_1 … s_n as columns and the subjects s_1 … s_n as rows]

15. Example 1
   • Processes p, q
   • Files f, g
   • Rights r, w, x, a, o

         f      g     p      q
     p   rwo    r     rwxo   w
     q   a      ro    r      rwxo

16. Example 2
   • Procedures inc_ctr, dec_ctr, manage
   • Variable counter
   • Rights +, –, call

               counter   inc_ctr   dec_ctr   manage
     inc_ctr   +
     dec_ctr   –
     manage              call      call      call

17. Boolean Expression Evaluation
   • ACM controls access to database fields
     – Subjects have attributes
     – Verbs define type of access
     – Rules associated with objects, verb pair
   • Subject attempts to access object
     – Rule for object, verb evaluated, grants or denies access

18. Example
   • Subject annie
     – Attributes role (artist), groups (creative)
   • Verb paint
     – Default 0 (deny unless explicitly granted)
   • Object picture
     – Rule: paint: ‘artist’ in subject.role and ‘creative’ in subject.groups and time.hour >= 0 and time.hour < 5

19. ACM at 3AM and 10AM
   At 3AM, time condition met; ACM is:

             …   picture   …
       …
       annie     paint
       …

   At 10AM, time condition not met; ACM is:

             …   picture   …
       …
       annie
       …
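The rule evaluation of slides 17 to 19 worked through in code, as an added example that is not part of the original slides: rules are keyed by (object, verb), a missing rule yields the default 0 (deny), and the derived ACM entry for annie and picture is computed at 3AM and at 10AM. Rules are ordinary Python functions rather than strings, so no rule text is passed to eval(); the Subject class, RULES table and function names are assumptions for illustration.

```python
# Added example (not from the slides): per-(object, verb) rule evaluation
# for annie / paint / picture. Subject, RULES, access and acm_entry are
# assumptions for illustration only.
from dataclasses import dataclass
from types import SimpleNamespace
from typing import Callable


@dataclass(frozen=True)
class Subject:
    name: str
    role: frozenset
    groups: frozenset


# A rule is a function of (subject, time) -> bool, stored under (object, verb).
Rule = Callable[[Subject, SimpleNamespace], bool]

RULES: dict = {
    # picture / paint, transcribed from slide 18
    ("picture", "paint"): lambda subject, time: (
        "artist" in subject.role
        and "creative" in subject.groups
        and time.hour >= 0
        and time.hour < 5
    ),
}


def access(subject: Subject, verb: str, obj: str, hour: int) -> bool:
    """Grant iff a rule exists for (obj, verb) and it evaluates to true."""
    rule = RULES.get((obj, verb))
    if rule is None:
        return False  # default 0: deny unless explicitly granted
    return bool(rule(subject, SimpleNamespace(hour=hour)))


def acm_entry(subject: Subject, obj: str, hour: int) -> set:
    """The ACM entry A[subject, obj] implied by the rules at a given hour."""
    verbs = {verb for (o, verb) in RULES if o == obj}
    return {verb for verb in verbs if access(subject, verb, obj, hour)}


# annie as described on slide 18 (constructed sample subject).
ANNIE = Subject("annie", role=frozenset({"artist"}), groups=frozenset({"creative"}))

if __name__ == "__main__":
    print(acm_entry(ANNIE, "picture", 3))   # {'paint'}  (3AM: condition met)
    print(acm_entry(ANNIE, "picture", 10))  # set()      (10AM: condition not met)
```

Because the entry is recomputed from the rule on each request, the matrix of slide 19 is never stored; it is the view of the rules at one instant, which is why the same subject and object show different entries at 3AM and 10AM.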

20. History
   Database:

     name      position    age   salary
     Alice     teacher     45    $40,000
     Bob       aide        20    $20,000
     Cathy     principal   37    $60,000
     Dilbert   teacher     50    $50,000
     Eve       teacher     33    $50,000

   Queries:
     1. sum(salary, “position = teacher”) = 140,000
     2. sum(salary, “age > 40 & position = teacher”) should not be answered (deduce Eve’s salary)

21. ACM of Database Queries
   O_i = { objects referenced in query i }
   f(o_i) = { read } for o_j ∈ O_i, if |∩_{j=1,…,i} O_j| < 2
   f(o_i) = ∅ for o_j ∈ O_i, otherwise

   1. O_1 = { Alice, Dilbert, Eve } and no previous query set, so:
        A[asker, Alice] = f(Alice) = { read }
        A[asker, Dilbert] = f(Dilbert) = { read }
        A[asker, Eve] = f(Eve) = { read }
      and query can be answered

22. But Query 2
   From last slide:
   f(o_i) = { read } for o_j ∈ O_i, if |∩_{j=1,…,i} O_j| < 2
   f(o_i) = ∅ for o_j ∈ O_i, otherwise

   2. O_2 = { Alice, Dilbert } but |O_2 ∩ O_1| = 2, so
        A[asker, Alice] = f(Alice) = ∅
        A[asker, Dilbert] = f(Dilbert) = ∅
      and query cannot be answered
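The history-dependent ACM of slides 20 to 22 run over the slide-20 table, as an added example that is not part of the original slides: each query records its referenced set O_i, the entry A[asker, o] is { read } only while the intersection of all recorded sets has fewer than two members, and a query is answered only when its entries are readable. The first query is answered unconditionally, as slide 21 treats the "no previous query set" case; the QueryHistory class and its method names are assumptions for illustration.

```python
# Added example (not from the slides): history-based query control over the
# slide-20 database. QueryHistory and sum_salary are assumptions for
# illustration; DB is the slide's table transcribed as sample data.
from typing import Callable

# (name, position, age, salary), from slide 20.
DB = [
    ("Alice", "teacher", 45, 40_000),
    ("Bob", "aide", 20, 20_000),
    ("Cathy", "principal", 37, 60_000),
    ("Dilbert", "teacher", 50, 50_000),
    ("Eve", "teacher", 33, 50_000),
]


class QueryHistory:
    """Tracks O_j for each query j and derives A[asker, o] from them."""

    def __init__(self, db):
        self.db = db
        self.history = []  # O_1, O_2, ... as frozensets of names

    def sum_salary(self, predicate: Callable[[str, int], bool]):
        """Return (answer or None, {name: A[asker, name]}) for one query.

        predicate(position, age) selects the rows the query references.
        """
        O_i = frozenset(name for name, pos, age, _ in self.db if predicate(pos, age))
        if self.history:
            common = O_i
            for O_j in self.history:
                common &= O_j  # ∩_{j=1..i} O_j, including this query
            readable = len(common) < 2
        else:
            readable = True  # slide 21: no previous query set
        self.history.append(O_i)

        acm_row = {name: ({"read"} if readable else set()) for name in O_i}
        if not readable:
            return None, acm_row  # f(o_i) = ∅: query cannot be answered
        answer = sum(sal for name, _, _, sal in self.db if name in O_i)
        return answer, acm_row


if __name__ == "__main__":
    h = QueryHistory(DB)
    print(h.sum_salary(lambda pos, age: pos == "teacher"))               # (140000, ...)
    print(h.sum_salary(lambda pos, age: pos == "teacher" and age > 40))  # (None, ...)
```

Answering the second query would have let the asker subtract 90,000 from 140,000 and learn Eve's salary; the intersection test refuses it because the two queries overlap in two rows, Alice and Dilbert. The check depends on the recorded history, so it protects only against askers whose earlier queries went through the same QueryHistory instance.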

23. State Transitions
   • Change the protection state of system
   • ⊢ represents transition
     – X_i ⊢_τ X_{i+1}: command τ moves system from state X_i to X_{i+1}
     – X_i ⊢* X_{i+1}: a sequence of commands moves system from state X_i to X_{i+1}
   • Commands often called transformation procedures

24. Primitive Operations
   • create subject s; create object o
     – Creates new row, column in ACM; creates new column in ACM
   • destroy subject s; destroy object o
     – Deletes row, column from ACM; deletes column from ACM
   • enter r into A[s, o]
     – Adds r rights for subject s over object o
   • delete r from A[s, o]
     – Removes r rights from subject s over object o

25. Create Subject
   • Precondition: s ∉ S
   • Primitive command: create subject s
   • Postconditions:
     – S′ = S ∪ { s }, O′ = O ∪ { s }
     – (∀ y ∈ O′)[a′[s, y] = ∅], (∀ x ∈ S′)[a′[x, s] = ∅]
     – (∀ x ∈ S)(∀ y ∈ O)[a′[x, y] = a[x, y]]

26. Create Object
   • Precondition: o ∉ O
   • Primitive command: create object o
   • Postconditions:
     – S′ = S, O′ = O ∪ { o }
     – (∀ x ∈ S′)[a′[x, o] = ∅]
     – (∀ x ∈ S)(∀ y ∈ O)[a′[x, y] = a[x, y]]

27. Add Right
   • Precondition: s ∈ S, o ∈ O
   • Primitive command: enter r into a[s, o]
   • Postconditions:
     – S′ = S, O′ = O
     – a′[s, o] = a[s, o] ∪ { r }
     – (∀ x ∈ S′)(∀ y ∈ O′ – { o })[a′[x, y] = a[x, y]]
     – (∀ x ∈ S′ – { s })(∀ y ∈ O′)[a′[x, y] = a[x, y]]

28. Delete Right
   • Precondition: s ∈ S, o ∈ O
   • Primitive command: delete r from a[s, o]
   • Postconditions:
     – S′ = S, O′ = O
     – a′[s, o] = a[s, o] – { r }
     – (∀ x ∈ S′)(∀ y ∈ O′ – { o })[a′[x, y] = a[x, y]]
     – (∀ x ∈ S′ – { s })(∀ y ∈ O′)[a′[x, y] = a[x, y]]

29. Destroy Subject
   • Precondition: s ∈ S
   • Primitive command: destroy subject s
   • Postconditions:
     – S′ = S – { s }, O′ = O – { s }
     – (∀ y ∈ O′)[a′[s, y] = ∅], (∀ x ∈ S′)[a′[x, s] = ∅]
     – (∀ x ∈ S′)(∀ y ∈ O′)[a′[x, y] = a[x, y]]
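The primitive operations of slides 24 to 29 on an in-memory access control matrix, as an added example that is not part of the original slides: each command enforces its precondition, creates or removes exactly the row and column the postconditions name, and leaves every other entry untouched. The ACM class, its method names and the destroy_object precondition that the object is not also a subject are assumptions; the sample matrix built by example_1 is the one on slide 15.

```python
# Added example (not from the slides): the ACM primitive commands with their
# preconditions. ACM, its methods and example_1 are assumptions for
# illustration; the rights entered are the Example 1 matrix of slide 15.


class ACM:
    """Subjects S, objects O (every subject is also an object), entries a[s, o]."""

    def __init__(self):
        self.S = set()
        self.O = set()
        self.a = {}  # (subject, object) -> set of rights

    def rights(self, s, o):
        # Fail-safe default: an absent entry is ∅.
        return set(self.a.get((s, o), set()))

    def create_subject(self, s):
        if s in self.S:
            raise ValueError(f"precondition s ∉ S violated: {s}")
        self.S.add(s)
        self.O.add(s)  # S′ = S ∪ {s}, O′ = O ∪ {s}
        for y in self.O:
            self.a[(s, y)] = set()  # new row s: a′[s, y] = ∅
        for x in self.S:
            self.a[(x, s)] = set()  # new column s: a′[x, s] = ∅

    def create_object(self, o):
        if o in self.O:
            raise ValueError(f"precondition o ∉ O violated: {o}")
        self.O.add(o)  # S′ = S, O′ = O ∪ {o}
        for x in self.S:
            self.a[(x, o)] = set()  # new column o: a′[x, o] = ∅

    def enter(self, r, s, o):
        if s not in self.S or o not in self.O:
            raise ValueError("precondition s ∈ S, o ∈ O violated")
        self.a[(s, o)].add(r)  # a′[s, o] = a[s, o] ∪ {r}; all else unchanged

    def delete(self, r, s, o):
        if s not in self.S or o not in self.O:
            raise ValueError("precondition s ∈ S, o ∈ O violated")
        self.a[(s, o)].discard(r)  # a′[s, o] = a[s, o] – {r}; all else unchanged

    def destroy_subject(self, s):
        if s not in self.S:
            raise ValueError(f"precondition s ∈ S violated: {s}")
        self.S.discard(s)
        self.O.discard(s)  # S′ = S – {s}, O′ = O – {s}
        # Drop row s and column s; every remaining entry keeps its value.
        self.a = {(x, y): v for (x, y), v in self.a.items() if x != s and y != s}

    def destroy_object(self, o):
        if o not in self.O:
            raise ValueError(f"precondition o ∈ O violated: {o}")
        if o in self.S:  # assumption: subjects are removed via destroy_subject
            raise ValueError(f"{o} is a subject; use destroy_subject")
        self.O.discard(o)  # S′ = S, O′ = O – {o}
        self.a = {(x, y): v for (x, y), v in self.a.items() if y != o}


def example_1():
    """Build the slide-15 matrix: processes p, q and files f, g."""
    m = ACM()
    for s in ("p", "q"):
        m.create_subject(s)
    for o in ("f", "g"):
        m.create_object(o)
    for r in "rwo":
        m.enter(r, "p", "f")
    m.enter("r", "p", "g")
    for r in "rwxo":
        m.enter(r, "p", "p")
    m.enter("w", "p", "q")
    m.enter("a", "q", "f")
    for r in "ro":
        m.enter(r, "q", "g")
    m.enter("r", "q", "p")
    for r in "rwxo":
        m.enter(r, "q", "q")
    return m


if __name__ == "__main__":
    m = example_1()
    for s in sorted(m.S):
        print(s, {o: "".join(sorted(m.rights(s, o))) for o in sorted(m.O)})
```

Each method raises on a violated precondition instead of silently doing nothing, so a caller cannot, for instance, re-create an existing subject and wipe its row; the comprehension in destroy_subject is the frame condition of slide 29 made explicit, since only keys naming s disappear.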
