Download presentation

Presentation is loading. Please wait.

Published byHeriberto Banks Modified over 2 years ago

1
Special systems: MLS Multilevel security [“Red book” US-DOD 1987] Considers the assurance risk when composing multilevel secure systems evaluated under security evaluation criteria. Analyzing the security of interoperating and individually secure systems can be done in polynomial time. Given a non-secure network configuration, then re- configuring the connections in an optimal way (to minimize the impact on interoperability) is NP.

2
Multilevel Security (MLS) [Bell LaPadula Model] Security levels L define classification of subjects (processes) and objects. eg, Unclassified, Secret, Top-Secret. Policy: lattice of security levels (L,<=) x<=y: level x information may flow to level y. Unclassified < Secret < Top-Secret

3
Evaluation Criteria [“Orange” & “Red” Books] MLS systems assured to different levels of assurance based on evaluation criteria. (worst) D

4
Configuring MLS Networks Channel Cascade Attacks S TS U S U S B2 B1 B3 Each evaluated system meets criteria. However, network has cascading risk: Attacker breaks system A, copies TS data to S, copies this data from System A to B to C, breaks system C, copies S(TS) data to U. B3 assurance required when protecting TS and U, but cascade attack breaks B2 and lower systems. A B C

5
Modeling MLS networks Strategy effort((s,l),(s’,l’)) The minimum effort required to compromise the network and copy/downgrade level l information held on system s to level l’ on system s’ Cascade problem if exists s,s’ and l, l’: effort((s,l),(s’,l’)) < system-assurance S TS U S U S B2 B1 B3 A B C B1 B3 B2

6
Modeling MLS networks Strategy (using Constraints) Systems as flow-constraints between the levels of data that they store. S TS U S U S B2 B1 B3 A B C B1B3B2

7
Modeling MLS networks Strategy (using Constraints) Systems as flow-constraints between the levels of data that they store. Networks as flow-constraints that represent the channels that connect systems S TS U S U S B2 B1 B3 A B C

8
Modeling MLS networks Strategy (using Constraints) Systems as flow-constraints between the levels of data that they store. Networks as flow-constraints that represent the channels that connect systems Soft constraint semi-ring as assurance levels S TS U S U S B2 B1 B3 A B C 3 1 3 2 0 0

9
Modeling MLS networks Strategy (using Constraints) Systems as flow-constraints between the levels of data that they store. Networks as flow-constraints that represent the channels that connect systems Soft constraint semi-ring as assurance levels Cascade Detection: finding cascades. S TS U S U S B2 B1 B3 A B C 3 2 0 3

10
Modeling MLS networks Strategy (using Constraints) Systems as flow-constraints between the levels of data that they store. Networks as flow-constraints that represent the channels that connect systems Soft constraint semi-ring as assurance levels Cascade Detection: finding cascades. S TS U S U S B2 B1 B3 A B C 1 2 0 0 3

11
U S TS B S A U S C S D Ex1: Cascade Free Path

12
U S TS B S A U S C S D TsATsA TdATdA TsBTsB SdBSdB SsCSsC *1s*1s UdCUdC *1d*1d S U S U S B2 B1 B3 A C

13
TsATsA TdATdA TsBTsB SdBSdB SsCSsC *1s*1s UdCUdC *1d*1d Ex1: Cascade Free Path U S TS B S A U S C S D 0130000 E = max( {0,0,3,0,1,0,0} ) = 3 R(T s A,S d B ) R(T s A,U d C ) R(T S A, * 1 d ) 3 0 2 R = max( {2,3,0} ) = 3

14
U S TS B S A U S C S D Ex2: Cascading Path

15
U S TS B S A U S C S D S U S A C S D C2 B2 B1

16
Ex2: Cascading Path U S TS B S A U S C S D 2100000 TsATsA SsDSsD SsCSsC *1s*1s SdASdA SdDSdD UdCUdC *1d*1d E = max( {2,0,0,0,1,0,0} ) = 2 R(T s A,S d D ) R(T s A,U d C ) R(T s A,* 1 d ) 2 0 3 R = max( {2,3,0} ) = 3

17
Conclusion Secure interoperation is difficult! Remember: when you compose two secure systems you could obtain a not secure system! In real life: Add comunications only when really needed!

19
Questions? Thank you for your attention

20
Crisp toward soft constraints P={ x3x3 x4x4 x1x1 x2x2 V, {red,blue,yellow} {blue,yellow} {red,blue} {yellow} D, C={pairwise-different} C, PC, con, def, a} x1x1 x2x2 x3x3 x4x4 combination projection

21
Crisp toward soft constraints x3x3 x4x4 x1x1 x2x2 {red,blue,yellow} {blue,yellow} {red,blue} {yellow} C={pairwise-different} 5$ 3$ 2$ 15$ x1x1 x2x2 x3x3 x4x4 Combination (+) Projection (min) 15$ 13$ Probabilistic Fuzzy Classical Weighted C-semiring :

22
The Semiring Framework A c-semiring is a tuple such that: A is the set of all consistency values and 0, 1 A. 0 is the lowest consistency value and 1 is the highest consistency value; +, the additive operator, is a closed, commutative, associative and idempotent operation such that 1 is its absorbing element and 0 is its unit element; ×, the multiplicative operator, is a closed and associative operation such that 0 is its absorbing element, 1 is its unit element and × distributes over +. Stefano Bistarelli, Ugo Montanari, and Francesca Rossi, Semiring-based Constraint Solving and Optimization Journal of the ACM, 44(2):201–236, Mar 1997. Stefano Bistarelli, Ugo Montanari, and Francesca Rossi, Semiring-based Constraint Solving and Optimization Journal of the ACM, 44(2):201–236, Mar 1997.

23
Semiring-based Constraints Given a semiring, an ordered set of variables V over a finite domain D, a constraint is a function which maps an assignment of the variables in the support of c, supp(c) to an element of A. Notation c represents the constraint function c evaluated under instantiation , returning a semiring value. Given two constraints c 1 and c 2, their combination is defined as (c 1 c 2 ) = c 1 ×c 2 . The operation C represents the combination of a set of constraints C. a · b iff a+b=b c 1 v c 2 iff 8 c 1 · c 2 Stefano Bistarelli, Ugo Montanari and Francesca Rossi, Soft Concurrent Constraint Programming, Proceedings of ESOP-2002, LNCS, April 2002. Stefano Bistarelli, Ugo Montanari and Francesca Rossi, Soft Concurrent Constraint Programming, Proceedings of ESOP-2002, LNCS, April 2002.

Similar presentations

OK

1 FM and Security-Overview FM Formal Security Models Based on Slides prepared by A. Jones and Y. Lin. Material based on C. Landwehr paper.

1 FM and Security-Overview FM Formal Security Models Based on Slides prepared by A. Jones and Y. Lin. Material based on C. Landwehr paper.

© 2018 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Ppt on business plan preparation Ppt on verb tenses Ppt on human body parts Ppt on led driver Ppt on low level language programming Ppt on student leadership Download ppt on heritage of india Ppt on ufo and aliens Ppt on republic day of india 2012 Ppt on online voting system in php