policy languages
play

Policy Languages Express security policies in a precise way - PDF document

Nov 11, 2023 •379 likes •672 views

Policy Languages Express security policies in a precise way High-level languages Policy constraints expressed abstractly Low-level languages Policy constraints expressed in terms of program options, input, or specific

  1. Policy Languages • Express security policies in a precise way • High-level languages – Policy constraints expressed abstractly • Low-level languages – Policy constraints expressed in terms of program options, input, or specific characteristics of entities on system April 15, 2004 ECS 235 Slide #1 High-Level Policy Languages • Constraints expressed independent of enforcement mechanism • Constraints restrict entities, actions • Constraints expressed unambiguously – Requires a precise language, usually a mathematical, logical, or programming-like language April 15, 2004 ECS 235 Slide #2 1

  2. Example: Web Browser • Goal: restrict actions of Java programs that are downloaded and executed under control of web browser • Language specific to Java programs • Expresses constraints as conditions restricting invocation of entities April 15, 2004 ECS 235 Slide #3 Expressing Constraints • Entities are classes, methods – Class: set of objects that an access constraint constrains – Method: set of ways an operation can be invoked • Operations – Instantiation: s creates instance of class c : s -| c – Invocation: s 1 executes object s 2: s1 | → s2 • Access constraints – deny ( s op x ) when b – While b is true, subject s cannot perform op on (subject or class) x ; empty s means all subjects April 15, 2004 ECS 235 Slide #4 2

  3. DTEL • Basis: access can be constrained by types • Combines elements of low-level, high-level policy languages – Implementation-level constructs express constraints in terms of language types – Constructs do not express arguments or inputs to specific system commands April 15, 2004 ECS 235 Slide #5 Example • Goal: users cannot write to system binaries • Subjects in administrative domain can – User must authenticate to enter that domain • Subjects belong to domains: – d_user ordinary users – d_admin administrative users – d_login for login – d_daemon system daemons April 15, 2004 ECS 235 Slide #6 3

  4. Types • Object types: – t_sysbin executable system files – t_readable readable files – t_writable writable files – t_dte data used by enforcement mechanisms – t_generic data generated from user processes • For example, treat these as partitions – In practice, files can be readable and writable; ignore this for the example April 15, 2004 ECS 235 Slide #7 Domain Representation • Sequence – First component is list of programs that start in the domain – Other components describe rights subject in domain has over objects of a type (crwd->t_writable) means subject can create, read, write, and list (search) any object of type t_writable April 15, 2004 ECS 235 Slide #8 4

  5. d_daemon Domain domain d_daemon = (/sbin/init), (crwd->t_writable), (rd->t_generic, t_readable, t_dte), (rxd->t_sysbin), (auto->d_login); • Compromising subject in d_daemon domain does not enable attacker to alter system files – Subjects here have no write access • When /sbin/init invokes login program, login program transitions into d_login domain April 15, 2004 ECS 235 Slide #9 d_admin Domain domain d_admin = (/usr/bin/sh, /usr/bin/csh, /usr/bin/ksh), (crwxd->t_generic), (crwxd->t_readable, t_writable, t_dte, t_sysbin), (sigtstp->d_daemon); • sigtstp allows subjects to suspend processes in d_daemon domain • Admin users use a standard command interpreter April 15, 2004 ECS 235 Slide #10 5

  6. d_user Domain domain d_user = (/usr/bin/sh, /usr/bin/csh, /usr/bin/ksh), (crwxd->t_generic), (rxd->t_sysbin), (crwd->t_writable), (rd->t_readable, t_dte); • No auto component as no user commands transition out of it • Users cannot write to system binaries April 15, 2004 ECS 235 Slide #11 d_login Domain domain d_login = (/usr/bin/login), (crwd->t_writable), (rd->t_readable, t_generic, t_dte), setauth, (exec->d_user, d_admin); • Cannot execute anything except the transition – Only /usr/bin/login in this domain • setauth enables subject to change UID • exec access to d_user , d_admin domains April 15, 2004 ECS 235 Slide #12 6

  7. Set Up initial_domain = d_daemon; – System starts in d_daemon domain assign –r t_generic /; assign –r t_writable /usr/var, /dev, /tmp; assign –r t_readable /etc; assign –r –s dte_t /dte; assign –r –s t_sysbin /sbin, /bin, /usr/bin, /usr/sbin; – These assign initial types to objects – –r recursively assigns type – –s binds type to name of object (delete it, recreate it, still of given type) April 15, 2004 ECS 235 Slide #13 Add Log Type • Goal: users can’t modify system logs; only subjects in d_admin , new d_log domains can type t_readable, t_writable, t_sysbin, t_dte, t_generic, t_log; • New type t_log domain d_log = (/usr/sbin/syslogd), (crwd->t_log), (rwd->t_writable), (rd->t_generic, t_readable); • New domain d_log April 15, 2004 ECS 235 Slide #14 7

  8. Fix Domain and Set-Up domain d_daemon = (/sbin/init), (crwd->t_writable), (rxd->t_readable), (rd->t_generic, t_dte, t_sysbin), (auto->d_login, d_log); • Subject in d_daemon can invoke logging process – Can log, but not execute anything assign -r t_log /usr/var/log; assign t_writable /usr/var/log/wtmp, /usr/var/log/utmp; • Set type of logs April 15, 2004 ECS 235 Slide #15 Low-Level Policy Languages • Set of inputs or arguments to commands – Check or set constraints on system • Low level of abstraction – Need details of system, commands April 15, 2004 ECS 235 Slide #16 8

  9. Example: X Window System • UNIX X11 Windowing System • Access to X11 display controlled by list – List says what hosts allowed, disallowed access xhost +groucho -chico • Connections from host groucho allowed • Connections from host chico not allowed April 15, 2004 ECS 235 Slide #17 Example: tripwire • File scanner that reports changes to file system and file attributes – tw.config describes what may change /usr/mab/tripwire +gimnpsu012345678-a • Check everything but time of last access (“-a”) – database holds previous values of attributes April 15, 2004 ECS 235 Slide #18 9

  10. Example Database Record /usr/mab/tripwire/README 0 ..../. 100600 45763 1 917 10 33242 .gtPvf .gtPvY .gtPvY 0 .ZD4cc0Wr8i21ZKaI..LUOr3 .0fwo5:hf4e4.8TAqd0V4ubv ?...... ...9b3 1M4GX01xbGIX0oVuGo1h15z3 ?:Y9jfa04rdzM1q:eqt1APgHk ?.Eb9yo.2zkEh1XKovX1:d0wF0kfAvC ?1M4GX01xbGIX2947jdyrior38h15z3 0 • file name, version, bitmask for attributes, mode, inode number, number of links, UID, GID, size, times of creation, last modification, last access, cryptographic checksums April 15, 2004 ECS 235 Slide #19 Comments • System administrators not expected to edit database to set attributes properly • Checking for changes with tripwire is easy – Just run once to create the database, run again to check • Checking for conformance to policy is harder – Need to either edit database file, or (better) set system up to conform to policy, then run tripwire to construct database April 15, 2004 ECS 235 Slide #20 10

  11. Example English Policy • Computer security policy for academic institution – Institution has multiple campuses, administered from central office – Each campus has its own administration, and unique aspects and needs • Authorized Use Policy • Electronic Mail Policy April 15, 2004 ECS 235 Slide #21 Authorized Use Policy • Intended for one campus (Davis) only • Goals of campus computing – Underlying intent • Procedural enforcement mechanisms – Warnings – Denial of computer access – Disciplinary action up to and including expulsion • Written informally, aimed at user community April 15, 2004 ECS 235 Slide #22 11

  12. Electronic Mail Policy • Systemwide, not just one campus • Three parts – Summary – Full policy – Interpretation at the campus April 15, 2004 ECS 235 Slide #23 Summary • Warns that electronic mail not private – Can be read during normal system administration – Can be forged, altered, and forwarded • Unusual because the policy alerts users to the threats – Usually, policies say how to prevent problems, but do not define the threats April 15, 2004 ECS 235 Slide #24 12

  13. Summary • What users should and should not do – Think before you send – Be courteous, respectful of others – Don’t interfere with others’ use of email • Personal use okay, provided overhead minimal • Who it applies to – Problem is UC is quasi-governmental, so is bound by rules that private companies may not be – Educational mission also affects application April 15, 2004 ECS 235 Slide #25 Full Policy • Context – Does not apply to Dept. of Energy labs run by the university – Does not apply to printed copies of email • Other policies apply here • E-mail, infrastructure are university property – Principles of academic freedom, freedom of speech apply – Access without user’s permission requires approval of vice chancellor of campus or vice president of UC – If infeasible, must get permission retroactively April 15, 2004 ECS 235 Slide #26 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Turing Machines Context-Free Languages n b n R a ww Regular Languages a * a * b * 1

Turing Machines Context-Free Languages n b n R a ww Regular Languages a * a * b * 1

Review Languages and Grammars Alphabets, strings, languages Regular Languages Deterministic Finite and Nondeterministic Automata Equivalence of NFA and DFA and Minimizing a DFA CS 301 - Lecture 19 Regular Expressions

513 views • 17 slides
Undecidability Almost all Languages are undecidable Set of all languages: Set of all dec. lang.:

Undecidability Almost all Languages are undecidable Set of all languages: Set of all dec. lang.:

15-251: Great Theoretical Ideas in Computer Science Lecture 8 Undecidability Almost all Languages are undecidable Set of all languages: Set of all dec. lang.: Most languages do not have a TM deciding them Question: Is it just weird languages

517 views • 51 slides
Review Languages and Grammars Alphabets, strings, languages Regular Languages CS

Review Languages and Grammars Alphabets, strings, languages Regular Languages CS

Review Languages and Grammars Alphabets, strings, languages Regular Languages CS 301 - Lecture 22 Deterministic Finite and Nondeterministic Automata Equivalence of NFA and DFA and Minimizing a DFA Non-Determinism,

267 views • 15 slides
The Use of Rule Languages for Policy and Legal Compliance Jeffrey B. Ritter jritter@klng.com

The Use of Rule Languages for Policy and Legal Compliance Jeffrey B. Ritter jritter@klng.com

The Use of Rule Languages for Policy and Legal Compliance Jeffrey B. Ritter jritter@klng.com This presentation represents my personal views and is not the expression of the views of Kirkpatrick & Lockhart Nicholson Graham LLP or any of the

411 views • 8 slides
Developing Policy for Medium of Instruction and Languages for Education (MILE) in Multilingual

Developing Policy for Medium of Instruction and Languages for Education (MILE) in Multilingual

Developing Policy for Medium of Instruction and Languages for Education (MILE) in Multilingual Nepal 5th International Conference on Language and Education: Sustainable Development Through Multilingual Education 19-21 October 2016

422 views • 39 slides
= Languages Accepted by NPDAs Accept (Grammars) NPDAs Context-Free Languages 1 Proof - Step

= Languages Accepted by NPDAs Accept (Grammars) NPDAs Context-Free Languages 1 Proof - Step

Review Languages and Grammars Alphabets, strings, languages Regular Languages CS 301 - Lecture 13 Deterministic Finite and Nondeterministic Automata Equivalence of NFA and DFA Converting NPDAs to Grammars Regular

485 views • 15 slides
Review Languages and Grammars Alphabets, strings, languages Regular Languages CS 301

Review Languages and Grammars Alphabets, strings, languages Regular Languages CS 301

Review Languages and Grammars Alphabets, strings, languages Regular Languages CS 301 - Lecture 10 Deterministic Finite and Nondeterministic Automata Equivalence of NFA and DFA Chomsky and Greibach Regular Expressions

476 views • 9 slides
Languages & the Professions: URI as National Leader URI: A National Leader in Languages

Languages & the Professions: URI as National Leader URI: A National Leader in Languages

Department of Modern & Classical Languages & Literatures Languages & the Professions: URI as National Leader URI: A National Leader in Languages Over 700 majors in undergraduate languages Proficiency benchmarking and

71 views • 5 slides
Semantic Web Languages Basics Web Ontology Languages Wide variety of languages for Explicit

Semantic Web Languages Basics Web Ontology Languages Wide variety of languages for Explicit

Semantic Web Languages Basics Web Ontology Languages Wide variety of languages for Explicit Specification Graphical notations Semantic networks UML RDF/RDFS Logic based Description Logics (e.g., OIL, DAML+OIL, OWL,

408 views • 30 slides
Formal Languages CS 100: Introduction to the Profession Matthew Bauer & Michael Saelee Some

Formal Languages CS 100: Introduction to the Profession Matthew Bauer & Michael Saelee Some

Formal Languages CS 100: Introduction to the Profession Matthew Bauer & Michael Saelee Some languages - Natural languages: English, Chinese, Thai - Programming languages: Java, Lisp, Lambda calculus - Domain specific languages: SQL,

692 views • 39 slides
CSC 1800 Organization of Programming Languages Functional Languages 1 Introduction The

CSC 1800 Organization of Programming Languages Functional Languages 1 Introduction The

CSC 1800 Organization of Programming Languages Functional Languages 1 Introduction The design of the imperative languages is based directly on the von Neumann architecture Efficiency is the primary concern, rather than the suitability of

417 views • 24 slides
Big Ideas for CS 251 Theory of Programming Languages Principles of Programming Languages

Big Ideas for CS 251 Theory of Programming Languages Principles of Programming Languages

Big Ideas for CS 251 Theory of Programming Languages Principles of Programming Languages CS251 Programming Languages Fall 2016, Lyn Turbak Department of Computer Science Wellesley College Discussion: P rogramming L anguages Your

496 views • 30 slides
The Pumping Lemma of different strings for Context-Free Languages Example: S AB A aBb

The Pumping Lemma of different strings for Context-Free Languages Example: S AB A aBb

Review Languages and Grammars Alphabets, strings, languages Regular Languages CS 301 - Lecture 16 Deterministic Finite and Nondeterministic Automata Equivalence of NFA and DFA and Minimizing a DFA Pumping Lemma for

246 views • 10 slides
BROGRAMMING LANGUAGES BROGRAMMING LANGUAGES WANT TO BRO DOWN AND CRUSH CODE? The Bro Network

BROGRAMMING LANGUAGES BROGRAMMING LANGUAGES WANT TO BRO DOWN AND CRUSH CODE? The Bro Network

I SAAC S HEFF BROGRAMMING LANGUAGES BROGRAMMING LANGUAGES WANT TO BRO DOWN AND CRUSH CODE? The Bro Network Security Monitor (brolog) BROGRAMMING LANGUAGES PLAN BROGRAMMING LANGUAGES CRUSH CODE? BROGRAMMING LANGUAGES PERFORMANCE

465 views • 30 slides
Ka w a Other languages on JVM Compiling Dynamic Languages to the Ja v a VM Ja v a

Ka w a Other languages on JVM Compiling Dynamic Languages to the Ja v a VM Ja v a

Ka w a Other languages on JVM Compiling Dynamic Languages to the Ja v a VM Ja v a can b e though t of as t w o dieren t things Ja v a as a programming language P er Bothner ob jectorien ted

191 views • 6 slides
Formal Languages and Grammars Chapter 2: Sections 2.1 and 2.2 Outline Languages and grammars

Formal Languages and Grammars Chapter 2: Sections 2.1 and 2.2 Outline Languages and grammars

Formal Languages and Grammars Chapter 2: Sections 2.1 and 2.2 Outline Languages and grammars Why? Regular languages (for scanning) Context free languages (for parsing) Derivation trees (a.k.a. parse trees) Ambiguity

869 views • 42 slides
Structuring Two-Dimensional Space The Pa7ern Processing Machinery and Pa7ern for Design 2.5D

Structuring Two-Dimensional Space The Pa7ern Processing Machinery and Pa7ern for Design 2.5D

Structuring Two-Dimensional Space The Pa7ern Processing Machinery and Pa7ern for Design 2.5D Space We live in a 3D world, but can we see 3D effecEvely? Up-down, sideways, and away dimensions InformaEon at only one point along each

473 views • 22 slides
Objects Abstrac,on Abstrac,on is the process of capturing

Objects Abstrac,on Abstrac,on is the process of capturing

Objects Abstrac,on Abstrac,on is the process of capturing only those ideas about a concept that are relevant to the current situa,on. Abstrac,on

560 views • 9 slides
Exploiting Linked Data for supporting mobile learning experiences Davide Taibi , Giovanni

Exploiting Linked Data for supporting mobile learning experiences Davide Taibi , Giovanni

Exploiting Linked Data for supporting mobile learning experiences Davide Taibi , Giovanni Fulantelli, Marco Arrigo National Research Council of Italy - Institute for Educational Technologies Linked Data for Education Projects The Lucero project

310 views • 19 slides
2016 Annual Virtual Meeting June 8, 2016 Agenda ALA Annual Orlando Arts Section Meetings

2016 Annual Virtual Meeting June 8, 2016 Agenda ALA Annual Orlando Arts Section Meetings

2016 Annual Virtual Meeting June 8, 2016 Agenda ALA Annual Orlando Arts Section Meetings Strategic Planning Membership and Outreach Website Conference Program Planning Committee Publications and Research Committee Q

702 views • 13 slides
SM2-TES: Functional Programming and Property-Based Testing, Day 10 Jan Midtgaard MMMI, SDU Last

SM2-TES: Functional Programming and Property-Based Testing, Day 10 Jan Midtgaard MMMI, SDU Last

SM2-TES: Functional Programming and Property-Based Testing, Day 10 Jan Midtgaard MMMI, SDU Last time. . . A generator of syntactically correct programs following the language grammar with several non-terminals passing an

1.47k views • 123 slides
Topological Drawings meet Classical Theorems of Convex Geometry Helena Bergold 1 , Stefan Felsner

Topological Drawings meet Classical Theorems of Convex Geometry Helena Bergold 1 , Stefan Felsner

Topological Drawings meet Classical Theorems of Convex Geometry Helena Bergold 1 , Stefan Felsner 2 , Manfred Scheucher 2 , oder 2 , Raphael Steiner 2 Felix Schr 1 FernUniversit at in Hagen 2 Technische Universit at Berlin Theorems of

828 views • 46 slides
The perturbative SU(N) one-loop running coupling in the twisted gradient flow scheme 36th Annual

The perturbative SU(N) one-loop running coupling in the twisted gradient flow scheme 36th Annual

The perturbative SU(N) one-loop running coupling in the twisted gradient flow scheme 36th Annual International Symposium on Lattice Field Theory East Lansing, 2018 Eduardo I. Bribian Instituto de Fisica Teorica UAM-CSIC e.i.bribian@csic.es

478 views • 25 slides
sound synthesis with foo once again text & parenthesis but less silly

sound synthesis with foo once again text & parenthesis but less silly

sound synthesis with foo once again text & parenthesis but less silly non-realtime sound synthesis written in objective-c and scheme text interface (scheme) priority to high quality audio rendering over performance

394 views • 8 slides

More recommend