computer security dd2395
play

Computer Security DD2395 - PowerPoint PPT Presentation

Dec 15, 2022 •572 likes •1k views

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 11, Nov. 29, 2010 Multi-Level Security Trusted Computing and Multilevel Security present some interrelated

  1. Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 11, Nov. 29, 2010 Multi-Level Security

  2. Trusted Computing and Multilevel Security • present some interrelated topics: – formal models for computer security – multilevel security – trusted systems – mandatory access control – security evaluation Nov. 29, 2010 KTH DD2395 Sonja Buchegger 2

  3. Formal Models for Computer Security • two fundamental computer security facts: – all complex software systems have flaw/bugs – is extraordinarily difficult to build computer hardware/software not vulnerable to attack • hence desire to prove design and implementation satisfy security requirements • led to development of formal security models – initially funded by US DoD • Bell-LaPadula (BLP) model very influential Nov. 29, 2010 KTH DD2395 Sonja Buchegger 3

  4. Bell-LaPadula (BLP) Model • developed in 1970s • as a formal access control model • subjects and objects have a security class – top secret > secret > confidential > unclassified – subject has a security clearance level – object has a security classification level – class control how subject may access an object • applicable if have info and user categories Nov. 29, 2010 KTH DD2395 Sonja Buchegger 4

  5. Multi-Level Security Nov. 29, 2010 KTH DD2395 Sonja Buchegger 5

  6. BLP Formal Description • based on current state of system ( b , M , f , H ): (current access set b, access matrix M, level function f, hierarchy H) • three BLP properties: ss-property: ( S i , O j , read) has f c ( S i ) ≥ f o ( O j ). *-property: ( S i , O j , append) has f c ( S i ) ≤ f o ( O j ) and ( S i , O j , write) has f c ( S i ) = f o ( O j ) ds-property: ( S i , O j , A x ) implies A x  M [ S i • BLP give formal theorems – theoretically possible to prove system is secure – in practice usually not possible Nov. 29, 2010 KTH DD2395 Sonja Buchegger 6

  7. Question • No read up, no write down. Why no write down? Nov. 29, 2010 KTH DD2395 Sonja Buchegger 7

  8. BLP Rules get access 1. release access 2. change object level 3. change current level 4. give access permission 5. rescind access permission 6. create an object 7. delete a group of objects 8. Nov. 29, 2010 KTH DD2395 Sonja Buchegger 8

  9. BLP Example Nov. 29, 2010 KTH DD2395 Sonja Buchegger 9

  10. BLP Example cont. Nov. 29, 2010 KTH DD2395 Sonja Buchegger 10

  11. BLP Example cont. Nov. 29, 2010 KTH DD2395 Sonja Buchegger 11

  12. MULTICS Example Nov. 29, 2010 KTH DD2395 Sonja Buchegger 12

  13. Biba Integrity Model • various models dealing with integrity • strict integrity policy: – simple integrity: I( S ) ≥ I( O ) – integrity confinement: I( S ) ≤ I( O ) – invocation property: I( S 1 ) ≥ I( S 2 ) Nov. 29, 2010 KTH DD2395 Sonja Buchegger 13

  14. Clark-Wilson Integrity Model Nov. 29, 2010 KTH DD2395 Sonja Buchegger 14

  15. Chinese Wall Model Nov. 29, 2010 KTH DD2395 Sonja Buchegger 15

  16. Reference Monitors Nov. 29, 2010 KTH DD2395 Sonja Buchegger 16

  17. Trojan Horse Defence Nov. 29, 2010 KTH DD2395 Sonja Buchegger 17

  18. Multilevel Security (MLS) • a class of system that has system resources (particularly stored information) at more than one security level (i.e., has different types of sensitive resources) and that permits concurrent access by users who differ in security clearance and need-to-know, but is able to prevent each user from accessing resources for which the user lacks authorization. Nov. 29, 2010 KTH DD2395 Sonja Buchegger 18

  19. MLS Security for Role-Based Access Control • rule based access control (RBAC) can implement BLP MLS rules given: – security constraints on users – constraints on read/write permissions – read and write level role access definitions – constraint on user-role assignments Nov. 29, 2010 KTH DD2395 Sonja Buchegger 19

  20. RBAC MLS Example Nov. 29, 2010 KTH DD2395 Sonja Buchegger 20

  21. MLS Database Security Nov. 29, 2010 KTH DD2395 Sonja Buchegger 21

  22. MLS Database Security Nov. 29, 2010 KTH DD2395 Sonja Buchegger 22

  23. MLS Database Security Read Access • DBMS enforces simple security rule (no read up) • easy if granularity entire database / table level • inference problems if have column granularity – if can query on restricted data can infer its existence • SELECT Ename FROM Employee WHERE Salary > 50K – solution is to check access to all query data • also have problems if have row granularity – null response indictes restricted/empty result • no extra concerns if have element granularity Nov. 29, 2010 KTH DD2395 Sonja Buchegger 23

  24. MLS Database Security Write Access • enforce *-security rule (no write down) • have problem if a low clearance user wants to insert a row with a primary key that already exists in a higher level row: – can reject, but user knows row exists – can replace, compromises data integrity – can polyinstantiation and insert multiple rows with same key, creates conflicting entries • same alternatives occur on update • avoid problem if use database / table granularity Nov. 29, 2010 KTH DD2395 Sonja Buchegger 24

  25. Trusted Platform Module (TPM) • concept from Trusted Computing Group • hardware module at heart of hardware / software approach to trusted computing • uses a TPM chip on – motherboard, smart card, processor – working with approved hardware / software – generating and using crypto keys • has 3 basic services: authenticated boot, certification, and encryption Nov. 29, 2010 KTH DD2395 Sonja Buchegger 25

  26. Authenticated Boot Service • responsible for booting entire O/S in stages • ensuring each is valid and approved for use – verifying digital signature associated with code – keeping a tamper-evident log • log records versions of all code running • can then expand trust boundary – TPM verifies any additional software requested • confirms signed and not revoked • hence know resulting configuration is well- defined with approved components Nov. 29, 2010 KTH DD2395 Sonja Buchegger 26

  27. Certification Service • once have authenticated boot • TPM can certify configuration to others – with a digital certificate of configuration info – giving another user confidence in it • include challenge value in certificate to also ensure it is timely • provides hierarchical certification approach – trust TPM then O/S then applications Nov. 29, 2010 KTH DD2395 Sonja Buchegger 27

  28. Encryption Service • encrypts data so it can be decrypted – by a certain machine in given configuration • depends on – master secret key unique to machine – used to generate secret encryption key for every possible configuration only usable in it • can also extend this scheme upward – create application key for desired application version running on desired system version Nov. 29, 2010 KTH DD2395 Sonja Buchegger 28

  29. TPM Functions Nov. 29, 2010 KTH DD2395 Sonja Buchegger 29

  30. Protected Storage Function Nov. 29, 2010 KTH DD2395 Sonja Buchegger 30

  31. Trusted Systems • security models aimed at enhancing trust • work started in early 1970’s leading to: – Trusted Computer System Evaluation Criteria (TCSEC), Orange Book, in early 1980s – further work by other countries – resulting in Common Criteria in late 1990s • also Computer Security Center in NSA – with Commercial Product Evaluation Program – evaluates commercially available products – required for Defense use, freely published Nov. 29, 2010 KTH DD2395 Sonja Buchegger 31

  32. Common Criteria (CC) • ISO standards for security requirements and defining evaluation criteria to give: – greater confidence in IT product security – from formal actions during process of: – development using secure requirements – evaluation confirming meets requirements – operation in accordance with requirements • evaluated products are listed for use Nov. 29, 2010 KTH DD2395 Sonja Buchegger 32

  33. CC Requirements • have a common set of potential security requirements for use in evaluation • target of evaluation (TOE) refers product / system subject to evaluation • functional requirements – define desired security behavior • assurance requirements – that security measures effective correct • have classes of families of components Nov. 29, 2010 KTH DD2395 Sonja Buchegger 33

  34. CC Profiles and Targets Nov. 29, 2010 KTH DD2395 Sonja Buchegger 34

  35. CC Security Paradigm Nov. 29, 2010 KTH DD2395 Sonja Buchegger 35

  36. Smartcard PP • simple PP example • describes IT security requirements for smart card use by sensitive applications • lists threats • PP requirements: – 42 TOE security functional requirements – 24 TOE security assurance requirements – IT environment security requirements • with rationale for selection Nov. 29, 2010 KTH DD2395 Sonja Buchegger 36

  37. Assurance • “degree of confidence that the security controls operate correctly and protect the system as intended” • applies to: – product security requirements, security policy, product design, implementation, operation • various approaches analyzing, checking, testing various aspects Nov. 29, 2010 KTH DD2395 Sonja Buchegger 37

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak12/ Fall 2012

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak12/ Fall 2012

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak12/ Fall 2012 Sonja Buchegger buc@kth.se Lecture 9 Firewalls (maybe start on Multilevel Security) DD2395 Sonja Buchegger 1 Catch-up Labs l Labbvecka in June

540 views • 35 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 13, Dec. 6, 2010 Auditing Security Audit an independent review and examination of a system's records

353 views • 33 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 3 User Authentication KTH DD2395 Sonja Buchegger 1 More Follow-up Courses l EP2500: Networked Systems

821 views • 26 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 8 Denial of Service DD2395 Sonja Buchegger 1 Course Admin l WANTED: Student representatives for the

1.29k views • 37 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 7 Malicious Software DD2395 Sonja Buchegger 1 Course Admin l Lab 2: - prepare before lab session - signup!

844 views • 39 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010 Sonja Buchegger buc@kth.se Lecture 8, Feb. 10, 2010 Malicious Software, Denial of Service Announcements ! Lab reports ! Bonus points !

1.08k views • 42 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 10, Nov. 24, 2011 Social Engineering DD2395, Sonja Buchegger 1 Course Admin GPG Lab 1 bonus results in

1.22k views • 39 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010 Sonja Buchegger buc@kth.se Lecture 2, Jan. 20, 2010 Cryptography Scope of Computer Security Jan. 20, 2010 KTH DD2395 Sonja Buchegger 2

469 views • 45 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 2, Oct. 27, 2010 Cryptography Oct. 27, 2010 KTH DD2395 Sonja Buchegger 1 Questionnaire Results Prior

602 views • 42 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 4 Access Control 1 Access Control l The prevention of unauthorized use* of a resource, including the

429 views • 39 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010 Sonja Buchegger buc@kth.se Lecture 7, Feb. 8, 2010 Malicious Software Malicious Software programs exploiting system vulnerabilities known

427 views • 10 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 1, Oct. 25, 2010 Introduction Oct. 25, 2010 Computer Security, Sonja Buchegger 1 Outline for Today About

670 views • 43 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 1, Oct. 25, 2011 Introduction Oct. 25, 2011 Computer Security, Sonja Buchegger 1 Outline for Today ! About

565 views • 45 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Spring 2010 Sonja Buchegger buc@kth.se Lecture 7, Nov. 15, 2010 Malicious Software, Denial of Service Nov. 15, 2010 DD2395 Sonja Buchegger 1 Malicious

589 views • 48 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 3 User Authentication KTH DD2395 Sonja Buchegger 1 User Authentication KTH DD2395 Sonja Buchegger 2 User

485 views • 27 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Lecture 02 (28.10.2013) Concepts of Safety and Security Christoph Lth Christian Liguda SQS,

Lecture 02 (28.10.2013) Concepts of Safety and Security Christoph Lth Christian Liguda SQS,

Systeme hoher Qualitt und Sicherheit Universitt Bremen, WS 2013/14 Lecture 02 (28.10.2013) Concepts of Safety and Security Christoph Lth Christian Liguda SQS, WS 13/14 SQS, WS 13/14 Where are we? Lecture 01: Concepts of Quality

1.15k views • 50 slides
Seminar Term Paper Certification of Hardware and Software Formal Methods for Fun and Profit

Seminar Term Paper Certification of Hardware and Software Formal Methods for Fun and Profit

Seminar Term Paper Certification of Hardware and Software Formal Methods for Fun and Profit Summer Semester 2005 Theme: Certification of Hardware and Software Supervisor: Jr. Prof. Beckert Presented by: Kiptoo A. Kiprop Registration

1.02k views • 20 slides
Computer and Network Security Trusted Operating Systems R. E. Newman Computer & Information

Computer and Network Security Trusted Operating Systems R. E. Newman Computer & Information

Computer and Network Security Trusted Operating Systems R. E. Newman Computer & Information Sciences & Engineering University Of Florida Gainesville, Florida 32611-6120 nemo@cise.ufl.edu Trusted Operating Systems (Pfleeger Ch. 7)

653 views • 29 slides
Incident of the Week New logging functionality with insufficient access control Accessible

Incident of the Week New logging functionality with insufficient access control Accessible

Incident of the Week New logging functionality with insufficient access control Accessible to any application with internet access (i.e., almost all of them) Patching the issue is delayed because the patch needs to be tested with

765 views • 53 slides
Gesto de Riscos de Segurana Jos Eduardo Malta de S Brando Joni da Silva Fraga

Gesto de Riscos de Segurana Jos Eduardo Malta de S Brando Joni da Silva Fraga

Gesto de Riscos de Segurana Jos Eduardo Malta de S Brando Joni da Silva Fraga je.brandao@ipea.gov.br fraga@das.ufsc.br SBSeg 2008 - Gesto de Riscos de Segurana Sumrio Motivao Conceitos Principais Padres

522 views • 31 slides
Evil Module 1 Module 3 OS OS Module 2 Module 4 Safe? Safe? Yes! Yes! 5 6 1 5/23/10

Evil Module 1 Module 3 OS OS Module 2 Module 4 Safe? Safe? Yes! Yes! 5 6 1 5/23/10

5/23/10 A Travel Story Bryan Parno, Jonathan McCune, Adrian Perrig Carnegie Mellon University 1 2 Does program P compute F? Trust is CriAcal Is F what the programmer intended? Will I regret having done this? X Other Y Other F X Alice Y

429 views • 5 slides
Service Interaction: Patterns, Formalization, and Analysis 9th International School on Formal

Service Interaction: Patterns, Formalization, and Analysis 9th International School on Formal

Service Interaction: Patterns, Formalization, and Analysis 9th International School on Formal Methods for the Design of Computer, Communication and Software Systems: Web Services (SFM-09:WS), Bertinoro, Italy, June 1-6, 2009. prof.dr.ir. Wil

1.83k views • 137 slides
Stakeholder Engagement: The Safecast experience Joint ICTP-IAEA Workshop on Environmental

Stakeholder Engagement: The Safecast experience Joint ICTP-IAEA Workshop on Environmental

Stakeholder Engagement: The Safecast experience Joint ICTP-IAEA Workshop on Environmental Mapping: Mobilising Trust in Measurements and Engaging Scientific Citizenry ICTP , Trieste - Italy March 6-24, 2017 Who are the stakeholders? Affected

1.09k views • 82 slides

More recommend