outline security principles and policies
play

Outline Security Principles and Policies Security terms and - PDF document

Apr 27, 2023 •243 likes •347 views

Outline Security Principles and Policies Security terms and concepts CS 239 Security policies Computer Security Basic concepts Peter Reiher Security policies for real systems January 13, 2005 Lecture 2 Lecture 2 Page 1

  1. Outline Security Principles and Policies • Security terms and concepts CS 239 • Security policies Computer Security –Basic concepts Peter Reiher –Security policies for real systems January 13, 2005 Lecture 2 Lecture 2 Page 1 Page 2 CS 239, Winter 2005 CS 239, Winter 2005 Security and Protection Policy vs. Mechanism People shouldn’t drive • Security is a policy that fast in my – E.g., “no unauthorized user may access neighborhood! this file” • Protection is a mechanism That’s a mechanism – E.g., “the system checks user identity against access permissions” That’s a policy • Protection mechanisms implement security policies That’s a different type of mechanism Lecture 2 Lecture 2 Page 3 Page 4 CS 239, Winter 2005 CS 239, Winter 2005 Design Principles for Economy in Security Design Secure Systems • Economy • Economical to develop • Complete mediation –And to use • Open design –And to verify • Separation of privileges • Should add little or no overhead • Least privilege • Should do only what needs to be done • Least common mechanism • Generally, try to keep it simple and • Acceptability small • Fail-safe defaults Lecture 2 Lecture 2 Page 5 Page 6 CS 239, Winter 2005 CS 239, Winter 2005 1

  2. Complete Mediation Open Design • Apply security on every access to a • Don’t rely on “security through obscurity” protected object • Assume all potential attackers know everything about the design –E.g., each read of a file, not just the – And completely understand it open • This doesn’t mean publish everything • Also involves checking access on important about your security system everything that could be attacked – Though sometimes that’s a good idea Lecture 2 Lecture 2 Page 7 Page 8 CS 239, Winter 2005 CS 239, Winter 2005 Separation of Privileges Least Privilege • Provide mechanisms that separate the • Give bare minimum access rights privileges used for one purpose from required to complete a task those used for another • Require another request to perform • To allow flexibility in security systems another type of access • E.g., separate access control on each • E.g., don’t give write permission to a file file if the program only asked for read Lecture 2 Lecture 2 Page 9 Page 10 CS 239, Winter 2005 CS 239, Winter 2005 Least Common Mechanism Acceptability • Avoid sharing parts of the security • Mechanism must be simple to use mechanism • Simple enough that people will use it –among different users without thinking about it –among different parts of the system • Must rarely or never prevent permissible accesses • Coupling leads to possible security breaches Lecture 2 Lecture 2 Page 11 Page 12 CS 239, Winter 2005 CS 239, Winter 2005 2

  3. Fail-Safe Designs Thinking About Security When considering the security of any system, ask these • Default to lack of access questions: • So if something goes wrong or is 1. What assets are you trying to protect? 2. What are the risks to those assets? forgotten or isn’t done, no security lost 3. How well does the security solution mitigate those risks? • If important mistakes are made, you’ll 4. What other security problems does the security solution find out about them cause? 5. What tradeoffs does the security solution require? –Without loss of security (This set of questions was developed by Bruce Schneier, for his book Beyond Fear ) –But if it happens too often . . . Lecture 2 Lecture 2 Page 13 Page 14 CS 239, Winter 2005 CS 239, Winter 2005 What Assets Are We Trying to An Example Protect? • Access to computers in the graduate • ? workstation room • Current security solution – Must provide valid CS department user ID and password Lecture 2 Lecture 2 Page 15 Page 16 CS 239, Winter 2005 CS 239, Winter 2005 How Well Does the Security What Are the Risks to Those Assets? Solution Mitigate Those Risks? • ? • ? Lecture 2 Lecture 2 Page 17 Page 18 CS 239, Winter 2005 CS 239, Winter 2005 3

  4. What Other Security Problems Does What Tradeoffs Does the Security the Security Solution Cause? Solution Require? • ? • ? Lecture 2 Lecture 2 Page 19 Page 20 CS 239, Winter 2005 CS 239, Winter 2005 Security Policies What Is a Security Policy? • A complete description of the security • Security policies describe how a secure goals the system should achieve system should behave –Not a description of how to achieve • Generally, if you don’t have a clear them policy, you don’t have a secure system • Sometimes described informally –Since you don’t really know what • Sometimes described very formally you’re trying to do –Using mathematical models Lecture 2 Lecture 2 Page 21 Page 22 CS 239, Winter 2005 CS 239, Winter 2005 Informal Security Policies Access Control Policies • “Users should only be able to access their • Describe who can access what own files, in most cases.” resources • “Only authorized users should be able to log in.” • Mandatory access control • “System executables should only be altered –The system enforces its own policy by system administrators.” • The general idea is pretty clear • Discretionary access control • But it can be hard to determine if a system –Policy set by individual users meets these goals Lecture 2 Lecture 2 Page 23 Page 24 CS 239, Winter 2005 CS 239, Winter 2005 4

  5. Formal Security Policies Bell-La Padula Model • Probably best-known computer security • Typically expressed in a mathematical model security policy language • Corresponds to military classifications • Tending towards precision • Combines mandatory and discretionary – Allowing formal reasoning about the access control system and policy • Two parts: • Often matched to a particular policy model – Clearances – E.g., Bell-La Padua model – Classifications Lecture 2 Lecture 2 Page 25 Page 26 CS 239, Winter 2005 CS 239, Winter 2005 Clearances Classifications • Each object (file, database entry, etc.) has a • Subjects (people, programs, etc.) have classification a clearance • The classification describes how sensitive • Clearance describes how trusted the the object is subject is • Using same categories as clearances • E.g., unclassified , confidential , secret , • Informally, only people with the same (or higher) clearance should be able to access top secret objects of a particular classification Lecture 2 Lecture 2 Page 27 Page 28 CS 239, Winter 2005 CS 239, Winter 2005 Bell-LaPadula Simple Security Goal of Bell-LaPadula Model Condition • Prevent any subject from ever getting read • Subject S can read object O iff l O ≤ l S access to objects at higher classification • Simple enough: levels than subject’s clearance –If S isn’t granted top secret • Really, concerned not just with objects clearance, S can’t read top secret • Also concerned with the objects’ contents objects • Includes discretionary access control • Are we done? – Which we won’t cover in lecture Lecture 2 Lecture 2 Page 29 Page 30 CS 239, Winter 2005 CS 239, Winter 2005 5

  6. Why Aren’t We Done? The Bell-LaPadula *-Property • S can write O iff l S ≤ l O • Remember, we really care about the information in an object • Prevents write-down – Privileged subjects writing high- • A subject with top secret clearance can read classification information to low- a top secret object classification objects • If careless, he could write that information – E.g., a top secret user can’t write to a to a confidential object confidential data file • Then someone with confidential clearance • Can be proven that a system meeting these can read top secret information properties is “secure” Lecture 2 Lecture 2 Page 31 Page 32 CS 239, Winter 2005 CS 239, Winter 2005 Bell-LaPadula Example Bell-LaPadula Caveats TOP S TO P SE CRET • A provably secure Bell-LaPadula system O R may be impossible to really use D Classif Cla ssified read E R S • Says nothing about some other important Write (attack the red tank) security properties Classified Top Secret write Bell-LaPadula – Like integrity doesn’t allow write-down! Secret Lecture 2 Lecture 2 Page 33 Page 34 CS 239, Winter 2005 CS 239, Winter 2005 Integrity Security Policies Example: Biba Integrity Policy • Subject set S, object set O • Designed to ensure that information is • Set of ordered integrity levels I not improperly changed • Subjects and objects have integrity levels • Often the key issue for commercial • Subjects at high integrity levels are less likely to screw up data systems – E.g., trusted users or carefully audited programs • Secrecy is nice, but not losing track of • Data at a high integrity level is less likely to be screwed up your inventory is crucial – Probably because it badly needs not to be screwed up Lecture 2 Lecture 2 Page 35 Page 36 CS 239, Winter 2005 CS 239, Winter 2005 6

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems

Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems

Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 2 Page 1 CS 236 Online Outline Security design principles Security policies Basic concepts Security

419 views • 12 slides
Security Policies Security Policies for Large Who is allowed to do what when Systems

Security Policies Security Policies for Large Who is allowed to do what when Systems

Security Policies Security Policies for Large Who is allowed to do what when Systems And what happens if they do CS 239 something else Security for Networks and And whos responsible for making sure System Software thats

245 views • 3 slides
CS412 Software Security Security Policies Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Security Policies Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Security Policies Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Security Policies A policy is a deliberate system of principles to guide decisions and achieve rational outcomes. A policy is a

532 views • 41 slides
Outline Saltzer & Schroeders principles CSci 5271 More secure design principles

Outline Saltzer & Schroeders principles CSci 5271 More secure design principles

Outline Saltzer & Schroeders principles CSci 5271 More secure design principles Introduction to Computer Security Day 7: Defensive programming and design, part 1 Software engineering for security Stephen McCamant Announcements

355 views • 7 slides
Experiences on how to p contact with end-users (policies and ISO security (policies and ISO

Experiences on how to p contact with end-users (policies and ISO security (policies and ISO

Experiences on how to p contact with end-users (policies and ISO security (policies and ISO security standards at campuses) p ) Brian OHora, BSc (Hons) & MBA Technology Management Information Systems Services, TCD TERENA E2E

325 views • 15 slides
Outline Saltzer & Schroeders principles (contd) CSci 5271 More secure design

Outline Saltzer & Schroeders principles (contd) CSci 5271 More secure design

Outline Saltzer & Schroeders principles (contd) CSci 5271 More secure design principles Introduction to Computer Security Software engineering for security Defensive programming 2 (combined lecture) Announcements intermission

632 views • 9 slides
Outline Saltzer & Schroeders principles CSci 5271 Announcements intermission

Outline Saltzer & Schroeders principles CSci 5271 Announcements intermission

Outline Saltzer & Schroeders principles CSci 5271 Announcements intermission Introduction to Computer Security Day 7: Defensive programming and design, More secure design principles part 1 Software engineering for security Stephen

571 views • 9 slides
Security Summer 2016 Cornell University 1 Today Security policies Enforcement

Security Summer 2016 Cornell University 1 Today Security policies Enforcement

CS 4410 Operating Systems Security Summer 2016 Cornell University 1 Today Security policies Enforcement Authenticating people Passwords 2 Security policy Security policies prescribe what must be done and what must not be

431 views • 13 slides
Com puter Security - Part Three Last tim e Multilevel and multilateral security Threats

Com puter Security - Part Three Last tim e Multilevel and multilateral security Threats

Com puter Security - Part Three Last tim e Multilevel and multilateral security Threats Security policies Confidentiality Policies Policy The Bell-LaPadula Model Specification Integrity Policies The Biba

698 views • 49 slides
Security Policies CS461/ECE422 Computer Security I Fall 2009 -1 Overview Natural language

Security Policies CS461/ECE422 Computer Security I Fall 2009 -1 Overview Natural language

Security Policies CS461/ECE422 Computer Security I Fall 2009 -1 Overview Natural language policies Example policies Implementation policies High level Low level -2 Reading Material Computer Security,

764 views • 40 slides
Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction to Computer Security Secure use of the OS Defensive programming and design, contd Announcements intermission Stephen McCamant Bernsteins

535 views • 8 slides
CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012 1 Content of Todays Lecture Summary and Wrap up on Security Terminology The Fundamental Dilemma of Security Five Design Principles

801 views • 25 slides
Security Policies EGI OMB meeting 27 July 2017 David Kelsey (STFC/RAL) www.egi.eu EGI-Engage

Security Policies EGI OMB meeting 27 July 2017 David Kelsey (STFC/RAL) www.egi.eu EGI-Engage

Updated (VO) Community Security Policies EGI OMB meeting 27 July 2017 David Kelsey (STFC/RAL) www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142 EGI security policies

319 views • 12 slides
Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies Sebastian

Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies Sebastian

Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies Sebastian Roth , Timothy Barron, Stefano Calzavara, Nick Nikiforakis & Ben Stock Network and Distributed System Security Symposium (NDSS '20) Cross-Site

878 views • 31 slides
Practical Principles for Computer Security Butler Lampson Marktoberdorf August 2006 1 Practical

Practical Principles for Computer Security Butler Lampson Marktoberdorf August 2006 1 Practical

Practical Principles for Computer Security Butler Lampson Marktoberdorf August 2006 1 Practical Principles for Computer Security B. W. Lampson 2 August 2006 Outline Introduction: what is security? Principals, the speaks for relation,

1.22k views • 94 slides
More Enforceable Security Policies by Lujo Bauer, Jarred Ligatti and David W alker Presented by

More Enforceable Security Policies by Lujo Bauer, Jarred Ligatti and David W alker Presented by

More Enforceable Security Policies by Lujo Bauer, Jarred Ligatti and David W alker Presented by Khoo Yit Phang April 21, 2008 To Build Secure Systems... 1.What sort of security policies can and should w e demand of our system? 2.What mechanism

325 views • 15 slides
15-410 My other car is a cdr -- Unknown Exam #1 Oct. 24, 2016 Dave Eckhardt Dave

15-410 My other car is a cdr -- Unknown Exam #1 Oct. 24, 2016 Dave Eckhardt Dave

15-410 My other car is a cdr -- Unknown Exam #1 Oct. 24, 2016 Dave Eckhardt Dave Eckhardt Dave O'Hallaron Dave O'Hallaron 1 L22_Exam 15-410, F'16 Synchronization Checkpoint 2 Wednesday, in Wean 5207 cluster Checkpoint 2

631 views • 25 slides
@ ChrisJohnRiley > whoami IT Security Analyst / Security Consultant Raiffeisen

@ ChrisJohnRiley > whoami IT Security Analyst / Security Consultant Raiffeisen

@ ChrisJohnRiley > whoami IT Security Analyst / Security Consultant Raiffeisen Informatik GmbH R-IT CERT Team Regular conference speaker DEF CON | Bsides | Hashdays | SecZone blog http://blog.c22.cc Abject

2.84k views • 195 slides
CS 4518 Mobile and Ubiquitous Computing Lecture 10: Human-Centric Smartphone Sensing Applications

CS 4518 Mobile and Ubiquitous Computing Lecture 10: Human-Centric Smartphone Sensing Applications

CS 4518 Mobile and Ubiquitous Computing Lecture 10: Human-Centric Smartphone Sensing Applications Emmanuel Agu BES Sleep Duration Sensing Unobtrusive Sleep Monitoring Unobtrusive Sleep Monitoring using Smartphones, Zhenyu Chen, Mu Lin, Fanglin

1.11k views • 90 slides
IBMSFQCCAA Health Care Panel 10 November 2017 Moderator : Sy Schulman Panelists : Dave Johnson

IBMSFQCCAA Health Care Panel 10 November 2017 Moderator : Sy Schulman Panelists : Dave Johnson

IBMSFQCCAA Health Care Panel 10 November 2017 Moderator : Sy Schulman Panelists : Dave Johnson Gregg Cesario Hal Jurist Linda Sheiner John Ryan Audience comments and Questions Sy Schulman Florida Blue Medicare Supplement Plan F

86 views • 8 slides
A New Application of Modular Robots on Analysis of Caterpillar-like Locomotion Houxiang Zhang,

A New Application of Modular Robots on Analysis of Caterpillar-like Locomotion Houxiang Zhang,

A New Application of Modular Robots on Analysis of Caterpillar-like Locomotion Houxiang Zhang, Juan Gonzlez-Gmez, Jianwei Zhang Faculty of Mathematics, Informatics School of Engineering and Natural Sciences Universidad Autonoma de Madrid

305 views • 17 slides
Design and Fabrication of Personalized Robotic Devices Stelian Coros Computer Graphics &

Design and Fabrication of Personalized Robotic Devices Stelian Coros Computer Graphics &

Design and Fabrication of Personalized Robotic Devices Stelian Coros Computer Graphics & Animation Robotics Computational Design 3D Printing From Digital To Real 3D Printing: limitless opportunities complexity is free

1.26k views • 96 slides
Autonomous and Mobile Robotics Whole-body motion planning for humanoid robots (Slides prepared

Autonomous and Mobile Robotics Whole-body motion planning for humanoid robots (Slides prepared

Autonomous and Mobile Robotics Whole-body motion planning for humanoid robots (Slides prepared by Marco Cognetti) Prof. Giuseppe Oriolo Motivations task-constrained motion planning: find collision-free motions for a humanoid that is assigned a

509 views • 22 slides
CS449/649: Human-Computer Interaction Winter 2018 Lecture XI Anastasia Kuzminykh Create Design

CS449/649: Human-Computer Interaction Winter 2018 Lecture XI Anastasia Kuzminykh Create Design

CS449/649: Human-Computer Interaction Winter 2018 Lecture XI Anastasia Kuzminykh Create Design Ideas Prototype Design Prototypes Static representations of the product - interactive design model of the product Sketches Wireframes Mockups

919 views • 57 slides

More recommend