decentralized information flow control
play

Decentralized Information Flow Control RK Shyamasundar Tata - PowerPoint PPT Presentation

Jun 20, 2023 •288 likes •673 views

Decentralized Information Flow Control RK Shyamasundar Tata Institute of Fundamental Research Mumbai shyam@tifr.res.in Confidentiality Example (Contd) Principal Preparer distributor of WebTax-may have privacy interests WebTax

  1. Decentralized Information Flow Control RK Shyamasundar Tata Institute of Fundamental Research Mumbai shyam@tifr.res.in

  2. Confidentiality Example (Contd) • Principal Preparer – distributor of WebTax-may have privacy interests • WebTax application computes the final tax form using a proprietary database, shown at the bottom (owned by Preparer). – this might, contain secret algorithms for minimizing tax payments. – Since this principal is the source of the WebTax software, it trusts the program not to distribute the proprietary database through malicious action, – However, the program might leak information because it contains bugs.

  3. Enforcing data security policy while executing untrusted code • Lightly Shaded – Confidential • Unshaded – non-confidential • Dark Shaded- Special privileges to relay the scanner’s confidential output to the terminal. • Circles: Processes • Rectangles: Files/Dir • Rounded Rect: Devices

  4. Security Guarantees with OS like HiStar

  5. Access Control • Matrix Model – Evolution of access control in traditional OS • Discretionary Access Control – controlling accesses to resources : traditional operating systems – Role based access control • Mandatory Access Control – the control of information flow between distributed nodes on a system wide basis rather than only individual basis like discretionary control • Information Flow Control – how information is disseminated or propagated from one object to another – security classes of all entities must be specified clearly and class of an entity never changes after it has been created – All permissible information flow paths among them are regulated using unambiguous security rules – Distributed Information Control • Language Based • OS based – distribution across nodes

  6. Access Matrix model (AMM) • The original model is called • The access matrix model provides access matrix since the a framework for describing authorization state, discretionary access control meaning the • First proposed by Lampson for authorizations holding at a the protection of resources given time in the system, is within the context of operating represented as a matrix systems, and later refined by Graham and Denning, the model • The matrix therefore gives was subsequently formalized by Harrison, Ruzzo, and Ullman (HRU an abstract representation model), who developed the of protection in systems access control model proposed by Lampson to the goal of analyzing mac-ifip.pptx the complexity of determining an access control policy

  7. Main issues with AMM Confinement problem: • How to determine whether there is any mechanism by which a subject authorized to access an object may leak information contained in that object to some other subjects not authorized to access that object. Another disadvantage: – No semantics of information in the objects are considered; • thus the security sensitivity of an object is hardly expressed by that model.

  8. Discretionary Access Control • Discretionary Access Control (DAC) • Discretionary policies enforce access control on the basis of the identity of the requestors and explicit access rules that establish who can, or cannot, execute which actions on which resources • They are called discretionary as users can be given the ability of passing on their privileges to other users, where granting and revocation of privileges is regulated by an administrative policy

  9. DAC: Vunerabilities • • In defining the basic concepts of Once connected to the system, users discretionary policies, we have originate processes (subjects) that referred to access requests on execute on their behalf and, objects submitted by users, which are accordingly, submit requests to the then checked against the users’ system authorizations • Discretionary policies ignore this • Although it is true that each request distinction and evaluate all requests is originated because of some user’s submitted by a process running on actions, a more precise examination behalf of some user against the of the access control problem shows authorizations of the user the utility of separating users from • This aspect makes discretionary subjects policies vulnerable from processes executing malicious programs exploiting the authorizations of the • Users are passive entities for whom user on behalf of whom they are authorizations can be specified and executing who can connect to the system

  10. DAC: Vulnerabilities • • In particular, the access This vulnerability of Trojan control system can be Horses, together with the fact bypassed by Trojan Horses that discretionary policies do embedded in programs not enforce any control on the flow of information once this • A Trojan Horse is a computer information is acquired by a program with an apparently or process, makes it possible for actually useful function, which processes to leak information contains additional hidden to users not allowed to read it functions that exploit the • legitimate authorizations of All this can happen without the invoking process the cognizance of the data administrator/owner, and • A Trojan Horse can improperly despite the fact that each use any authorizations of the single access request is invoking user, for example, it controlled against the could even delete all files of authorizations the user

  11. Discretionary and Mandatory Access Control • • Discretionary Access Control (DAC) Mandatory Access Control (MAC) • • Discretionary policies enforce access Mandatory access control refers to a control on the basis of the identity of type of access control by which the the requestors and explicit access operating system constrains the rules that establish who can, or ability of a subject or initiator to cannot, execute which actions on access or generally perform some which resources sort of operation on an object or target. • They are called discretionary as users can be given the ability of passing on • their privileges to other users, where Need: In the context of networked granting and revocation of privileges distributed systems, it is necessary to is regulated by an administrative broaden the scope to include the policy control of information flow between distributed nodes on a system wide basis rather than on an individual basis as in discretionary control

  12. MAC vs DAC • Mandatory access • Discretionary access control, this security control (DAC), which policy is centrally also governs the ability controlled by a security of subjects to access policy administrator; objects, allows users users do not have the the ability to make ability to override the policy decisions and/or policy and, for example, assign security grant access to files that attributes. would otherwise be restricted.

  13. Security Classifications • In multilevel mandatory policies, an access class is assigned to each object and subject – Access class is one element of a partially ordered set of classes • The partial order is defined by a dominance relationship denoted ≥ • In the most general case, the set of access classes can simply be any set of labels that together with the dominance relationship defined on them form a POSET (partially ordered set)

  14. Information Flow Control • System entities are • Information Flow control partitioned into security is concerned with how classes information is disseminated or • The security classes of all propagated from one entities must be specified object to another . explictly and the class of an entity seldom changes after it has been created( changes sometimes made by the system administration)

  15. Lattice Model • Lattice: consists of a finite partially ordered set together with a least upper bound and greatest lower bound operator on the set. • Information is permitted to flow from a lower class to upper class. • (Details – See earlier lectures)

  16. Protecting Privacy in a Distributed Network • Downloading of untrusted code are particularly in need of a better security model • E.g., Java supports downloading of code from remote sites, – possibility that the downloaded code will transfer confidential data to those sites. – Java attempts to prevent these transfers by using its compartmental sandbox security model, • It largely prevents applications from sharing data. • Different data manipulated by an application have different security requirements, but a compartmental model restricts all data equally.

  17. Decentralized Label Model Myers and Liskov (2000 ) • addresses the weaknesses of earlier approaches to the protection of confidentiality in a system containing untrusted code or users, even in situations of mutual distrust. • allows users to control the flow of their information without imposing the rigid constraints of a traditional MLS • It defines a set of rules that programs must follow in order to avoid leaks of private information • Protects confidentiality for users and groups rather than for a monolithic organization • Introduces a richer notion of declassification. – In the earlier models it was done by a trusted subject; in this model principals can declassify their own data

  19. Trusted Execution Model

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

LAMINAR: PRACTICAL FINE-GRAINED DECENTRALIZED INFORMATION FLOW CONTROL (DIFC) Indrajit Roy ,

LAMINAR: PRACTICAL FINE-GRAINED DECENTRALIZED INFORMATION FLOW CONTROL (DIFC) Indrajit Roy ,

LAMINAR: PRACTICAL FINE-GRAINED DECENTRALIZED INFORMATION FLOW CONTROL (DIFC) Indrajit Roy , Donald E. Porter, Michael D. Bond, Kathryn S. McKinley, Emmett Witchel The University of Texas at Austin Untrusted code on trusted data Your

820 views • 45 slides
Decentralized Information Flow Control with the LIO library Pablo Buiras, Amit Levy, David Mazi`

Decentralized Information Flow Control with the LIO library Pablo Buiras, Amit Levy, David Mazi`

Decentralized Information Flow Control with the LIO library Pablo Buiras, Amit Levy, David Mazi` eres , John Mitchell, Alejandro Russo, Deian Stefan, David Terei, and Edward Yang Stanford and Chalmers October 18, 2013 Project goal Make it

383 views • 27 slides
Identifying tractable decentralized control problems on the basis of information structure

Identifying tractable decentralized control problems on the basis of information structure

Identifying tractable decentralized control problems on the basis of information structure Aditya Mahajan, Ashutosh Nayyar, and Demosthenis Teneketzis Dept of EECS, University of Michigan, Ann Arbor September 26, 2008 Optimal design of

446 views • 18 slides
with Deferrable constraints in Haskell through the tale of a Haskell information flow control

with Deferrable constraints in Haskell through the tale of a Haskell information flow control

Gradually typed DSLs with Deferrable constraints in Haskell through the tale of a Haskell information flow control library Pablo Buiras, Alejandro Russo, Dimitrios Vytiniotis Information flow control 101 Non- interference:

465 views • 31 slides
Ni Nickel A Framework for Design and Verification of Information Flow Control Systems Helgi

Ni Nickel A Framework for Design and Verification of Information Flow Control Systems Helgi

Ni Nickel A Framework for Design and Verification of Information Flow Control Systems Helgi Sigurbjarnarson , Luke Nelson, Bruno Castro-Karney, James Bornholt, Emina Torlak, and Xi Wang .org Enforcing information flow control is critical

1.02k views • 58 slides
1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

Control-Flow Analysis and Loop Detection Context Last time Data-flow Speeding up data-flow analysis Flow of data values from defs to uses Could alternatively be represented as a data dependence Today Control-flow analysis

516 views • 5 slides
Information flow control 1 D. Denning and P. Denning Certification of Programs for Secure

Information flow control 1 D. Denning and P. Denning Certification of Programs for Secure

Secure Architecture Principles Information flow control 1 D. Denning and P. Denning Certification of Programs for Secure Information Flow (CACM 1976) Review Access Control Discretionary access control (DAC) Philosophy: users have

321 views • 16 slides
Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification

Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification

Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification and overview of main techniques TCP Tahoe, Reno, Vegas TCP Westwood Readings: (1) Keshavs book Chapter on Flow Control; (2)

374 views • 22 slides
Optimal Decentralized Control of System with Partially Exchangeable Agents Aditya Mahajan McGill

Optimal Decentralized Control of System with Partially Exchangeable Agents Aditya Mahajan McGill

Optimal Decentralized Control of System with Partially Exchangeable Agents Aditya Mahajan McGill University Joint work with Jalal Arabneydi Allerton Conference on Communication, Control, and Computing 28 Sep, 2016 Decentralized control with

856 views • 68 slides
Control flow Conditionals and Control Flow l A conditional branch

Control flow Conditionals and Control Flow l A conditional branch

10/2/15 Control flow Conditionals and Control Flow l A conditional branch is sufficient to implement most control Condition codes flow constructs offered in higher

356 views • 12 slides
1 Why Why flow flow control? control? sender

1 Why Why flow flow control? control? sender

Lecture 7. Lecture 7. TCP mechanisms for: TCP mechanisms for: data transfer control / flow control error control congestion control Graphical examples (applet java) of several algorithms at:

589 views • 13 slides
Motivation Intra-procedural analysis depends upon accurate control-flow information. In the

Motivation Intra-procedural analysis depends upon accurate control-flow information. In the

Motivation Intra-procedural analysis depends upon accurate control-flow information. In the presence of certain language features (e.g. indirect calls) it is nontrivial to predict accurately how control may flow at execution time the nave

594 views • 42 slides
Decentralized control Sigurd Skogestad Department of Chemical Engineering Norwegian University

Decentralized control Sigurd Skogestad Department of Chemical Engineering Norwegian University

Decentralized control Sigurd Skogestad Department of Chemical Engineering Norwegian University of Science and Tecnology (NTNU) Trondheim, Norway 1 Outline Multivariable plants RGA Decentralized control Pairing rules

693 views • 48 slides
Flow of Control Flow of Control Recitation 09/(11,12)/2008 CS 180 CS 180 Department of

Flow of Control Flow of Control Recitation 09/(11,12)/2008 CS 180 CS 180 Department of

Flow of Control Flow of Control Recitation 09/(11,12)/2008 CS 180 CS 180 Department of Computer Science, Purdue University Project 2 j Now posted on the class webpage. Due Wed, Sept. 17 at 10 pm. Start early All

663 views • 22 slides
Online Planning for Decentralized Sto ci astic Control with Partial History Sharing Kaiqing Zhang,

Online Planning for Decentralized Sto ci astic Control with Partial History Sharing Kaiqing Zhang,

Online Planning for Decentralized Sto ci astic Control with Partial History Sharing Kaiqing Zhang, Erik Miehling, and Tamer Ba ar Coordinated Science Lab UIUC American Control Conference Philadelphia, PA July 11, 2019 Decentralized

367 views • 22 slides
Information flow control for the web Prof. Frank PIESSENS Overview The web platform Web

Information flow control for the web Prof. Frank PIESSENS Overview The web platform Web

Information flow control for the web Prof. Frank PIESSENS Overview The web platform Web script security: threats and countermeasures A formal model of web scripts Information flow security Secure multi-execution The

2.25k views • 131 slides
From spatiotemporal plasma-based diagnostics to high rep-rate PWFA at IOTA/FAST Scottish Centre

From spatiotemporal plasma-based diagnostics to high rep-rate PWFA at IOTA/FAST Scottish Centre

IOTA/FAST Workshop, 2018-05-10 Bernhard Hidding From spatiotemporal plasma-based diagnostics to high rep-rate PWFA at IOTA/FAST Scottish Centre for the Application of Plasma-Based Accelerators SCAPA, Department of Physics, University of

415 views • 20 slides
Malware Prof. Tom Austin San Jos State University Malware: The Cat & Mouse Game Attackers

Malware Prof. Tom Austin San Jos State University Malware: The Cat & Mouse Game Attackers

CS 166: Information Security Malware Prof. Tom Austin San Jos State University Malware: The Cat & Mouse Game Attackers and Defenders Play 1971 "I'M THE CREEPER : "I'M THE CREEPER : CATCH ME IF YOU CAN." CATCH ME IF YOU

1.11k views • 82 slides
Homers Iliad Books 2, 3 Italy, Egypt, Mediterranean Sea, Black Sea, Aegean Sea, Phoenicia,

Homers Iliad Books 2, 3 Italy, Egypt, Mediterranean Sea, Black Sea, Aegean Sea, Phoenicia,

Clst 181SK Ancient Greece and the Origins of Western Culture Homers Iliad Books 2, 3 Italy, Egypt, Mediterranean Sea, Black Sea, Aegean Sea, Phoenicia, Greece, Peloponnesus, Ionia, Crete, Cyprus, Delphi, Mycenae, Troy, Aulis, Hellespont Aulis

613 views • 27 slides
GDPR Data Security and Breaches 10 December 2019 Newcastle | Leeds | Manchester 2 What we

GDPR Data Security and Breaches 10 December 2019 Newcastle | Leeds | Manchester 2 What we

GDPR Data Security and Breaches 10 December 2019 Newcastle | Leeds | Manchester 2 What we will look at today Technical and Organisational Security Handling data breaches Case law Newcastle | Leeds | Manchester 3 Data

929 views • 76 slides
Real Time BoF LinuxCon Japan 2011 This session provides a forum to discuss Real Time Linux, share

Real Time BoF LinuxCon Japan 2011 This session provides a forum to discuss Real Time Linux, share

Real Time BoF LinuxCon Japan 2011 This session provides a forum to discuss Real Time Linux, share how you are using it, and learn from the experiences of others. Please come prepared to discuss your experiences with and hear about: - fields of

313 views • 18 slides
Understanding Trolls with Efficient Analytics of Large Graphs in Neo4j David Allen, Amy

Understanding Trolls with Efficient Analytics of Large Graphs in Neo4j David Allen, Amy

Understanding Trolls with Efficient Analytics of Large Graphs in Neo4j David Allen, Amy E.Hodler, Michael Hunger, Martin Knobloch, William Lyon, Mark Needham, Hannes Voigt BTW Rostock Feb 2019 Michael Hunger Director Neo4j Labs at Neo4j

706 views • 69 slides
Finding Bots and Trolls Joshua Uyheng juyheng@cs.cmu.edu CASOS Center, Institute for Software

Finding Bots and Trolls Joshua Uyheng juyheng@cs.cmu.edu CASOS Center, Institute for Software

<Your Name> Finding Bots and Trolls Joshua Uyheng juyheng@cs.cmu.edu CASOS Center, Institute for Software Research Carnegie Mellon University CASOS Summer Institute 2020 Center for Computational Analysis of Social and Organizational

547 views • 7 slides
Patent Troll Terminology -Patent assertion entity (PAE) -Non-practicing entity (NPE)

Patent Troll Terminology -Patent assertion entity (PAE) -Non-practicing entity (NPE)

4/16/2015 The Misinterpretation of eBay v. MercExchange and Why: An Analysis of the Case History, Precedent, and Parties Forthcoming, Chapman L. Rev. Professor Ryan T. Holte Southern Illinois University School of Law rholte@law.siu.edu

534 views • 9 slides

More recommend