information flow and policy
play

Information flow and policy In five minutes, you learn what the - PowerPoint PPT Presentation

Mar 19, 2023 •264 likes •451 views

Information flow and policy In five minutes, you learn what the average college graduate remembers five years after he or she is out of school. If you want to know more about something... Ask me Man pages, manuals, papers, books

  1. Information flow and policy

  2. “In five minutes, you learn what the average college graduate remembers five years after he or she is out of school.”

  3. If you want to know more about something... ● Ask me ● Man pages, manuals, papers, books ● Google ● Google Scholar (can see all the papers that cite a paper) ● All the places in the library where you can't sit and study have periodicals, books, helpful people, etc.

  5. Foundational results ● Access Control Matrix – Formally undecidable if a right leaks ● Take-grant model – Transitive closure

  6. Policies ● Confidentiality – Bell-LaPadula: no reads up, no writes down ● Integrity – Biba's low-water-mark policy (if you read it, your integrity becomes the minimum of what it is already and that of what you read) – Biba's ring policy (read if you’re interested) – Biba's Model (Bell-LaPadula upside down) – Lipner (read if you’re interested) and Clark-Wilson (for business) ● Availability Hybrid Policies – Chinese Wall model (for conflicts of interest) – CISSP (had its acronym stolen)

  7. Lattice = partial ordering Plagiarized from http://www.cs.cornell.edu/courses/cs5430/2012sp/mls.gif

  8. Chinese Wall Model Plagiarized from http://www.cs.cornell.edu/courses/cs5430/2012sp/chinWall.gif

  9. Mechanisms ● Mandatory Access Control – System won't let users change, like SELinux ● Discretionary Access Control – Users can change, like UNIX file permissions ● Capabilities vs. access control lists ● Weak Windows DACLs is a fascinating topic – https://www.nccgroup.trust/uk/about-us/newsroom-and-events/bl ogs/2013/november/windows-dacls-why-there-is-still-room-for-i nterest/ – Gray Hat Hacking, 4 th Edition by Harper et al. – https://www.blackhat.com/presentations/bh-dc-07/Cerrudo/Pap er/bh-dc-07-Cerrudo-WP.pdf

  10. Information flow ● Multi-Level Security (Top Secret, Secret, Unclassified, etc. all on the same machine) – Kind of a stupid idea (think rainbow series) ● Noninterference (Goguen and Meseguer in 1982) – “A computer has the non-interference property if and only if any sequence of low inputs will produce the same low outputs, regardless of what the high level inputs are.” (https://en.wikipedia.org/wiki/Non- interference_(security))

  11. Information flow (continued) ● Denning's Lattice-based access control (1976) ● Fenton's Data Mark Machine (1974) ● Dynamic Information Flow Tracking (Suh et al. , ASPLOS 2004, Crandall and Chong MICRO 2004) – A.k.a. Dynamic Taint Analysis (Newsome and Song 2005) – Indirect flows are a problem x = A[y] if (y==1) X = 1

  12. Implicit flows if (y == 1) x = 1 Even if y != 1, information flows from y to x

  13. Covert channels ● Confinement problem – Defined by Lampson in 1973 ● Covert channel = path of communication that was not designed to be used for communication [Bishop, Chapter 17] ● Lipner (1975) distinguishes between timing channels and storage channels – Kemmerer's (1983) Shared Resource Matrix Methodology can be used for storage channels, basically a transitive closure – Wray (1992) considered timing channels, can compare all pairs of “clocks”

  14. Examples of covert channels ● Hard drive timings ● Locks ● Triangle boy

  15. Side channels ● Covert channels assume collusion ● Side channels can be used to infer information – Key stroke timings leaking through entropy pool (Silence on the Wire by Zalewski ) – Keyboard Acoustic Emanations https://www.davidsalomon.name/CompSec/auxiliary/KybdEmanation. pdf – Cache missing for fun and profit http://www.daemonology.net/papers/cachemissing.pdf – Labs 1, 2, and 3 – Lots of other examples... ● “Information wants to be free”

  16. Examples of side channels ● Microarchitectural ● TCP/IP side channels ● Crypto timing channels in power, over the network, etc.

  17. Thomas Jefferson said... “That ideas should freely spread from one to another over the globe, for the moral and mutual instruction of man, and improvement of his condition, seems to have been peculiarly and benevolently designed by nature, when she made them, like fire, expansible over all space, without lessening their density in any point, and like the air in which we breathe, move, and have our physical being, incapable of confinement or exclusive appropriation.”

  18. Resources ● Cryptography and Data Security by Dorothy Elizabeth Denning ● Computer Security: Art and Science by Matt Bishop ● https://www.youtube.com/watch?v=kO8x8eoU3 L4

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Using Encryption to Enforce an Information Flow Policy Research Directions Jason Crampton

Using Encryption to Enforce an Information Flow Policy Research Directions Jason Crampton

Using Encryption to Enforce an Information Flow Policy Research Directions Jason Crampton Using Encryption to Enforce an Information Flow Policy Research Directions Jason Crampton Information Security Group Royal Holloway, University

472 views • 35 slides
May 15: Information Flow and Confinement Information flow for integrity policies Examples

May 15: Information Flow and Confinement Information flow for integrity policies Examples

May 15: Information Flow and Confinement Information flow for integrity policies Examples of information flow controls Android phone Firewalls Confinement Virtual machines May 15, 2017 ECS 235B Spring Quarter 2017 Slide

487 views • 32 slides
Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation) Boris Feigin Computer Laboratory, University of Cambridge PLID 2008 joint work with Alan Mycroft 1 / 22 Motivation Given suitable tools we

605 views • 33 slides
IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX)

IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX)

IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX) elisa.boschi@hitachi-eu.com {boschi, zseby, mark, hirsch}@fokus.fraunhofer.de Outline Outline IPFIX Terminology Applicability Initial Goals

212 views • 19 slides
Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang

Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang

Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang Pennsylvania State University University Park, PA, USA {pzl129,zhang}@cse.psu.edu Background: Information Flow Analysis o Security enforcement to prevent

379 views • 24 slides
Flow Networks Flow Network: - digraph - weights, called capacities on edges - two

Flow Networks Flow Network: - digraph - weights, called capacities on edges - two

M AXIMUM F LOW How to do it... Why you want it... Where you find it... The Tao of Flow: Let your body go with the flow. -Madonna, Vogue Maximum flow...because youre worth it. -Loreal Go with the flow, Joe.

619 views • 20 slides
Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy

Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy

Secure Information Flow ! Protecting the confidentiality of secret information Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy Blood type: AB Birth date: 9/5/46 HIV: positive ! Access control and

399 views • 10 slides
Lecture 19: Flow and Confinement Examples of information flow applications The confinement

Lecture 19: Flow and Confinement Examples of information flow applications The confinement

Lecture 19: Flow and Confinement Examples of information flow applications The confinement problem Covert channels Isolation: virtual machines, sandboxes March 2, 2009 ECS 235B, Winter Quarter 2009 Slide #19-1 Matt Bishop, UC

322 views • 30 slides
Information Flow Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security

Information Flow Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security

Information Flow Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security Information Flow 3 Many security requirements can be formulated as what information flow is allowed/disallowed E.g., confidential data should not

478 views • 27 slides
Lecture 17: Information Flow Basics and background Entropy Nonlattice flow policies

Lecture 17: Information Flow Basics and background Entropy Nonlattice flow policies

Lecture 17: Information Flow Basics and background Entropy Nonlattice flow policies Compiler-based mechanisms Execution-based mechanisms Examples Security Pipeline Interface Secure Network Server Mail Guard February

625 views • 44 slides
with Deferrable constraints in Haskell through the tale of a Haskell information flow control

with Deferrable constraints in Haskell through the tale of a Haskell information flow control

Gradually typed DSLs with Deferrable constraints in Haskell through the tale of a Haskell information flow control library Pablo Buiras, Alejandro Russo, Dimitrios Vytiniotis Information flow control 101 Non- interference:

465 views • 31 slides
Ni Nickel A Framework for Design and Verification of Information Flow Control Systems Helgi

Ni Nickel A Framework for Design and Verification of Information Flow Control Systems Helgi

Ni Nickel A Framework for Design and Verification of Information Flow Control Systems Helgi Sigurbjarnarson , Luke Nelson, Bruno Castro-Karney, James Bornholt, Emina Torlak, and Xi Wang .org Enforcing information flow control is critical

1.02k views • 58 slides
Secure Information Flow as a Safety Problem Overview Introduction to secure information flow

Secure Information Flow as a Safety Problem Overview Introduction to secure information flow

Secure Information Flow as a Safety Problem Overview Introduction to secure information flow Type-Based approach Self composition Downgrading Self composition with downgrading Type directed transformation

511 views • 22 slides
Information flow control for the web Prof. Frank PIESSENS Overview The web platform Web

Information flow control for the web Prof. Frank PIESSENS Overview The web platform Web

Information flow control for the web Prof. Frank PIESSENS Overview The web platform Web script security: threats and countermeasures A formal model of web scripts Information flow security Secure multi-execution The

2.25k views • 131 slides
Information Flow in Logic Programming Antoun Yaacoub Introduction Syntax and semantics Antoun

Information Flow in Logic Programming Antoun Yaacoub Introduction Syntax and semantics Antoun

Inf. flow in Logic Prog. Information Flow in Logic Programming Antoun Yaacoub Introduction Syntax and semantics Antoun Yaacoub Information flow in logic Pg. Deciding Institut de Recherche en Informatique de Toulouse (IRIT) bisimulation

683 views • 66 slides
Information Theory and Security: Quantitative Information Flow Pasquale Malacaria

Information Theory and Security: Quantitative Information Flow Pasquale Malacaria

Information Theory and Security: Quantitative Information Flow Pasquale Malacaria pm@dcs.qmul.ac.uk School of Electronic Engineering and Computer Science Queen Mary University of London Information Theory and Security: Quantitative Information

835 views • 54 slides
Cloud security CS642: Computer Security Professor Ristenpart

Cloud security CS642: Computer Security Professor Ristenpart

Cloud security CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642

567 views • 43 slides
Securing distributed systems with information flow control Nickolai Zeldovich Silas

Securing distributed systems with information flow control Nickolai Zeldovich Silas

Securing distributed systems with information flow control Nickolai Zeldovich Silas Boyd-Wickizer David Mazires Traditional web applications: lots of trusted (yellow) code HTTP User's Application User's browser front Database User's

1.16k views • 66 slides
Anomaly Detection through DNS Correlations Michael H. Warfield Senior Security Researcher and

Anomaly Detection through DNS Correlations Michael H. Warfield Senior Security Researcher and

Anomaly Detection through DNS Correlations Michael H. Warfield Senior Security Researcher and Threat Analyst IBM Security Services X-Force Why DNS? This is still a work in progress but... Why look at the DNS? It's just THERE.

496 views • 21 slides
Assessing the Feasibility of Machine Learning to Detect Network Covert Channels Name: Diogo

Assessing the Feasibility of Machine Learning to Detect Network Covert Channels Name: Diogo

Assessing the Feasibility of Machine Learning to Detect Network Covert Channels Name: Diogo Barradas PhD Stage: Planner Advisors: Prof. Lus Rodrigues & Prof. Nuno Santos Research Area: Privacy-Enhancing Technologies Diogo Barradas - EuroSys

395 views • 15 slides
Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of achieving confiden5ality and integrity) Who can access What Objects : Subjects : Files/ Programs/ Sockets/ User/ process/ applica5on Hardware/

985 views • 46 slides
I Heard It through the Firewall: Exploiting Cloud Management Services as an Information Leakage

I Heard It through the Firewall: Exploiting Cloud Management Services as an Information Leakage

I Heard It through the Firewall: Exploiting Cloud Management Services as an Information Leakage Channel Hyunwook Baek , Eric Eide, Robert Ricci, Jacobus Van der Merwe University of Utah 1 Motivation Information leakage in cloud has

874 views • 49 slides
The Bell-LaPadula Model CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey

The Bell-LaPadula Model CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey

The Bell-LaPadula Model CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey Autumn 2008 Week 6 Dr Hans Georg Schaathun The Bell-LaPadula Model Autumn 2008 Week 6 1 / 32 The session Outline The session 1 Finite

848 views • 49 slides
Anlisis y Desarrollo de un canal encubierto en una red de sensores ! Jose A. Onieva, Ruben Rios,

Anlisis y Desarrollo de un canal encubierto en una red de sensores ! Jose A. Onieva, Ruben Rios,

Anlisis y Desarrollo de un canal encubierto en una red de sensores ! Jose A. Onieva, Ruben Rios, Bernardo Palenciano* ! NICS Lab University of Mlaga ! http://www.nics.uma.es ! *Dpto. de Infraestructura de TTI ! ! RECSI 2014, Alicante,

618 views • 19 slides

More recommend