csce 790 computer systems security security policy models
play

CSCE 790 Computer Systems Security Security Policy Models - PowerPoint PPT Presentation

Feb 21, 2023 •427 likes •702 views

CSCE 790 Computer Systems Security Security Policy Models Professor Qiang Zeng Spring 2020 Previous Class Concepts Access Control, Subject, Object Goals of Access Control Confidentiality, Integrity Access Matrix

  1. 
 CSCE 790 
 Computer Systems Security 
 Security Policy Models Professor Qiang Zeng Spring 2020

  2. Previous Class • Concepts – Access Control, Subject, Object • Goals of Access Control – Confidentiality, Integrity • Access Matrix – View of Columns: Access Control Lists – View of Rows: Capability Lists • Types of Access Control Policies – DAC – MAC – RBAC CSCE 790 – Computer Systems Security 2

  3. Previous Class In which scenarios DAC, MAC and RBAC should be used, respectively? DAC: if the information you create really belongs to you and security is not the top priority, DAC is not a bad choice. It is flexible and convenient. E.g., social networks MAC: if the information you create belongs to your employer and it is highly sensitive, MAC is the choice RBAC: it can enforce DAC or MAC. When employees change jobs, the admin only needs to grant and revoke roles CSCE 790 – Computer Systems Security 3

  4. Outline • Implementation of Policy Models – Decoupling Mechanisms and Policies – Reference Monitor • Basics of MAC and Information Flow • Mandatory Access Control Policy Models – Multi-level Security • Models for Confidentiality: e.g., Bell-LaPadula Model • Models for Integrity: e.g., Biba Model – Multi-lateral Security • Chinese-wall CSCE 790 – Computer Systems Security 4

  5. Security Mechanism and Policy • A security policy dictates what is, and what is not, allowed • A security mechanism is a method, tool, or procedure for enforcing a security policy • Therefore, the same mechanism can be used to enforce multiple different policies CSCE 790 – Computer Systems Security 5

  6. Decoupling Mechanisms and Policies • When you implement some techniques or tools as the policy-enforcing mechanism, keep in mind that the policy may change. So the mechanism and policies should not be closely coupled • The mechanism should leave room of flexibility of changing policies • E.g., even the legislation department changes the traffic rules (policies), the same police (mechanism) can be used CSCE 790 – Computer Systems Security 6

  7. Security Policy Models • A Security Policy Model provides a formal representation of the access control security policy and its working • The formalization allows the proof of properties on the security provided by the access control system being designed CSCE 790 – Computer Systems Security 7

  8. Reference Monitor • When implementing the mechanism, a Reference Monitor that satisfies the following requirements is needed – Small enough to be verifiable – Non-bypassable – Tamper-resistant CSCE 790 – Computer Systems Security 8

  9. MAC • A mandatory access control (MAC) policy is a means of assigning access rights based on regulations by a central authority • Goal: To prevent illegitimate information flow • Idea: Attach a security label to each subject and object; and then perform authorization based on label comparison CSCE 790 – Computer Systems Security 9

  10. Military Security • Initially ( ‘ 70s) most research in information security was applied to the military domain • Need to protect information that, if known by an enemy, might damage national security CSCE 790 – Computer Systems Security 10

  11. Security Level • Each subject and each object is assigned a security level – E.g., unclassified < confidential < secret < top secret • A security level – for a subject is called a clearance – for an object is called a classification • The clearance assigned to subjects reflects their trustworthiness, and the classification assigned to objects reflects theirs sensitivity CSCE 790 – Computer Systems Security 11

  12. “Need to know” and compartments • Even one has the “top secret” clearance, it should not mean that she can access everything • “Need to know”: the access authorization is limited to information needed to perform duties • How to enforce it? – Compartmentalization – Fewer people know the object, the less probability the information is leaked • E.g., Manhattan Project CSCE 790 – Computer Systems Security 12

  13. Security Class and the Ordering • A security class = (security_level, compartments) • E.g., (confidential, {nuclear, missile}) – Security level: confidential – Compartments: {nuclear, missile} • Ordering relation: SC 1 = (l 1 , c 1 ), SC 2 = (l 2 , c 2 ) – SC 1 ≤ SC 2 if l 1 ≤ l 2 && c 1 ⊆ c 2 • Some security classes are incomparable – (top_secret, {aircraft}) and (securet, {shelters}) CSCE 790 – Computer Systems Security 13

  14. Multi-level Security • When access control is enforced according to the security levels (and compartments) assigned to subject and objects, it is a Multi-level Security (MLS) system • A MLS system is typically a Mandatory Access Control system CSCE 790 – Computer Systems Security 14

  15. Information flow policies • Defined by Denning ( ’ 76) • Concerned with the flow of information from one security class to another • Information flow as an ordering relation • Instead of a list of axioms governing users ’ accesses, it simply require that information transfers obey the ordering relation CSCE 790 – Computer Systems Security 15

  16. The BLP model • A model for Confidentiality (i.e., Secrecy) • Information cannot flow from a high security class to a low one (or an incomparable one) – How to define “high” and “low”? – Recall SC 1 ≤ SC 2 if l 1 ≤ l 2 && c 1 ⊆ c 2 where SC 1 = (l 1 , c 1 ), SC 2 = (l 2 , c 2 ) CSCE 790 – Computer Systems Security 16

  17. BLP mandatory access rules • Object o ’s security class: SC(o) • Subject s ’s security class: SC(s) • Simple property (or, No Read Up) : subject s can read object o only if SC(s) ≥ SC(o) • *-property (or, No Write Down) : subject s can write object o only if SC(s) ≤ SC(o) – Trojan horses leaking information are blocked CSCE 790 – Computer Systems Security 17

  18. high-level object-1 observe flow of information alter malicious subject with high-level security clearance low-level object-1 Figure 13.1 Information Flow Showing the Need for the *-property CSCE 790 – Computer Systems Security 18

  19. BLP information flow SUBJECTS OBJECTS write …… ..... TS TS read write Information flow …… ..... S S read write …… ..... C C read write read …… ..... U U CSCE 790 – Computer Systems Security 19

  20. Limitations of the BLP Model • Sometimes “illegal” information flow is desired – E.g., a teacher (high security class) may create a file called “paper”, which should be read by students (low security class) – E.g., a teacher may comment on the answers submitted by a student – Both are not disallowed in the BLP Model – Therefore in practice a declassifying component is needed • BLP only provides confidentiality – In some cases, integrity is the main concern CSCE 790 – Computer Systems Security 20

  21. The Biba Model • Provides the protection for integrity – Information cannot flow from a low security class to a high one • Simple property (or, No Read Down) : subject s can read object o only if SC(s) ≤ SC(o) • *-property (or, No Write Up) : subject s can write object o only if SL(s) ≥ SL(o) • Invocation property: s 1 can invoke s 2 only if SL(s 1 ) ≥ SL(s 2 ) • Example – Security level: soldier < captain < general – A captain should not trust an order forged by a soldier – An order issued by a general cannot be modified by a caption CSCE 790 – Computer Systems Security 21

  22. Multi-Lateral Security • Instead of enforcing vertical information flow rules, multi-lateral security prevents information from flowing across departments • Classic Model: the Chinese Wall Model • Goal: to prevent conflict of interest – E.g., in a financial consultant company, an employee who has read the documents of Bank A (to provide advices) should not access those of Bank B CSCE 790 – Computer Systems Security 22

  23. Multi-Lateral Security • A Dataset (DS): all objects that belong to the same corporation • Conflict of Interest (CI) class: All datasets whose corporations are in competition • A subject S can read on object O only if – O is in the same DS as an object accessed by S, or – O belongs to a CI from which S has not yet accessed any information CSCE 790 – Computer Systems Security 23

  24. Example: Multi-Lateral Security • Once John has accessed the objects of Bank A, he is not allowed to access those of Bank B, as the two Banks belong to the same CI CSCE 790 – Computer Systems Security 24

  25. Summary • Bell-LaPadula (BLP) Secrecy Model – No read up – No write down • Biba Integrity Model – No read down – No write up • Chinese Wall Model – If you have accessed a corporation, you cannot read data from its competitors CSCE 790 – Computer Systems Security 25

  26. Writing Assignments • Can a user cleared for (S, {dog, cat, pig}) access to documents classified in the following ways under the BLP model? – (TS, {dog}) – (S, {dog}) – (S, {dog, cow}) – (S, {monkey}) – (C, {dog, pig, cat}) – (C, { }) • Can BLP and Biba be enforced in the same system? CSCE 790 – Computer Systems Security 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSCE 790 Computer Systems Security Firmware Security Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Firmware Security Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Firmware Security Professor Qiang Zeng Spring 2020 Previous Class Virus vs. Worm vs. Trojan Drive-by download Botnet Rootkit CSCE 790 Computer Systems Security 2 Trojan vs. Virus

302 views • 16 slides
CSCE 790 Computer Systems Security Introduction Professor Qiang Zeng Spring 2020 Story 1:

CSCE 790 Computer Systems Security Introduction Professor Qiang Zeng Spring 2020 Story 1:

CSCE 790 Computer Systems Security Introduction Professor Qiang Zeng Spring 2020 Story 1: Morris the first worm in history CSCE 790 Computer Systems Security 2 Story 2: Malware, Stuxnet , took down Irans nuclear facilities

344 views • 30 slides
CSCE 790 Computer Systems Security Malware Professor Qiang Zeng Spring 2020 Previous

CSCE 790 Computer Systems Security Malware Professor Qiang Zeng Spring 2020 Previous

CSCE 790 Computer Systems Security Malware Professor Qiang Zeng Spring 2020 Previous Class Implementation Principles Policy and Mechanism Decoupling Reference Monitor Bell-LaPadula (BLP) Secrecy Model No read up

822 views • 34 slides
CSCE 790 Computer Systems Security Threat Modeling Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Threat Modeling Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Threat Modeling Professor Qiang Zeng Spring 2020 Previous Class The CIA Triad as security objectives Threat: potential Attack: attempt Compromise: success Vulnerability: security

660 views • 29 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
CSCE 790 Computer Systems Security File System Security Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security File System Security Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security File System Security Professor Qiang Zeng Spring 2020 Outline Hard links vs. symbolic links File access permissions User and process credentials Special flags: setuid, sticky bit

821 views • 48 slides
CSCE 790 Computer Systems Security Biometrics (Something You Are) Professor Qiang Zeng

CSCE 790 Computer Systems Security Biometrics (Something You Are) Professor Qiang Zeng

CSCE 790 Computer Systems Security Biometrics (Something You Are) Professor Qiang Zeng Spring 2020 Previous Class Credentials Something you know (Knowledge factors) Something you have (Possession factors) Something

506 views • 24 slides
CSCE 790 Computer Systems Security Access Control Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Access Control Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Access Control Professor Qiang Zeng Spring 2020 Previous Class Biometrics Measurement and applications of human characteristics Applications Advantages and Disadvantages False

400 views • 28 slides
CSCE 790 Computer Systems Security Entity Authentication Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Entity Authentication Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Entity Authentication Professor Qiang Zeng Spring 2020 Previous Class PKI Digital Certificate Certificate Authority Verifying Certificates and Chain of Trust Revoking Certificates

310 views • 30 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Introduction to Computer Security Formal Security Models Pavel Laskov Wilhelm Schickard

Introduction to Computer Security Formal Security Models Pavel Laskov Wilhelm Schickard

Introduction to Computer Security Formal Security Models Pavel Laskov Wilhelm Schickard Institute for Computer Science Security instruments learned so far Symmetric and asymmetric cryptography confidentiality, integrity, non-repudiation

319 views • 29 slides
Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

770 views • 28 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Linux Security Modules Trent

872 views • 30 slides
Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security-Enhanced Linux Trent

474 views • 26 slides
Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Hardware Security Trent Jaeger

703 views • 46 slides
Best practices for Security Management in Supercomputing Cray User Group meeting, CUG 2008

Best practices for Security Management in Supercomputing Cray User Group meeting, CUG 2008

Best practices for Security Management in Supercomputing Cray User Group meeting, CUG 2008 Helsinki, Finland 2008-05-05 Urpo Kaila &lt;urpo.kaila@csc.fi&gt; CSC - Scientific Computing Ltd. Urpo Kaila &lt;urpo.kaila@csc.fi&gt; Slide 1 of

541 views • 18 slides
Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

5/18/2018 Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity of our software and systems 12B. Authentication millions of lines of code, thousands of developers rich and powerful protocols

374 views • 9 slides
Security CS 4410 Operating Systems References: Security Introduction and Access Control by Fred

Security CS 4410 Operating Systems References: Security Introduction and Access Control by Fred

Security CS 4410 Operating Systems References: Security Introduction and Access Control by Fred Schneider Historical Context 1961 1969 1960s OSes begin to be shared. Enter: Communication Synchronization Protection Security:

1.16k views • 53 slides
Security Profs. Bracy and Van Renesse based on slides by Prof. Sirer Security in the real world

Security Profs. Bracy and Van Renesse based on slides by Prof. Sirer Security in the real world

Security Profs. Bracy and Van Renesse based on slides by Prof. Sirer Security in the real world Security decisions based on: Value: How much is it worth? Locks: How hard is it to circumvent protection? Police: What are the

980 views • 47 slides
Cyber Command and Control with CyberBML Mr. Bo Vargas Raytheon 4601 North Fairfax Drive Suite

Cyber Command and Control with CyberBML Mr. Bo Vargas Raytheon 4601 North Fairfax Drive Suite

2/4/09 Cyber Command and Control with CyberBML Mr. Bo Vargas Raytheon 4601 North Fairfax Drive Suite 1200 Arlington, VA 22203 bvargas@hai.com Outline Overview CyberBML Visualization Summary Page 2 1 2/4/09 Integrated

286 views • 7 slides
Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption Standardization Consortium HomomorphicEncryption.org 0.1 Presenters Roger A. Hallman (SPAWAR Systems Center Pacific; Thayer School of

1.36k views • 91 slides
OpenVMS Security Update OpenVMS Security Update OpenVMS Security Update Helmut Ammer Helmut

OpenVMS Security Update OpenVMS Security Update OpenVMS Security Update Helmut Ammer Helmut

OpenVMS Security Update OpenVMS Security Update OpenVMS Security Update Helmut Ammer Helmut Ammer CSSC Mnchen CSSC Mnchen 1F06 1F06 25. DECUS Mnchen Symposium Bonn 2002 1 berblick berblick berblick OpenVMS Security

754 views • 31 slides
Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute,

Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute,

Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute, Spain Computer-aided cryptography Develop tool-assisted methodologies for helping the design, analysis, and implementation of cryptographic

533 views • 26 slides

More recommend