Presentation is loading. Please wait.

Presentation is loading. Please wait.

Special systems: MLS Multilevel security [“Red book” US-DOD 1987] Considers the assurance risk when composing multilevel secure systems evaluated under.

Similar presentations


Presentation on theme: "Special systems: MLS Multilevel security [“Red book” US-DOD 1987] Considers the assurance risk when composing multilevel secure systems evaluated under."— Presentation transcript:

1 Special systems: MLS Multilevel security [“Red book” US-DOD 1987] Considers the assurance risk when composing multilevel secure systems evaluated under security evaluation criteria.  Analyzing the security of interoperating and individually secure systems can be done in polynomial time.  Given a non-secure network configuration, then re- configuring the connections in an optimal way (to minimize the impact on interoperability) is NP.

2 Multilevel Security (MLS) [Bell LaPadula Model] Security levels L define classification of subjects (processes) and objects. eg, Unclassified, Secret, Top-Secret. Policy: lattice of security levels (L,<=) x<=y: level x information may flow to level y. Unclassified < Secret < Top-Secret

3 Evaluation Criteria [“Orange” & “Red” Books] MLS systems assured to different levels of assurance based on evaluation criteria. (worst) D

4 Configuring MLS Networks Channel Cascade Attacks S TS U S U S B2 B1 B3 Each evaluated system meets criteria. However, network has cascading risk: Attacker breaks system A, copies TS data to S, copies this data from System A to B to C, breaks system C, copies S(TS) data to U. B3 assurance required when protecting TS and U, but cascade attack breaks B2 and lower systems. A B C

5 Modeling MLS networks Strategy effort((s,l),(s’,l’)) The minimum effort required to compromise the network and copy/downgrade level l information held on system s to level l’ on system s’ Cascade problem if exists s,s’ and l, l’:  effort((s,l),(s’,l’)) < system-assurance S TS U S U S B2 B1 B3 A B C B1 B3 B2

6 Modeling MLS networks Strategy (using Constraints) Systems as flow-constraints between the levels of data that they store. S TS U S U S B2 B1 B3 A B C B1B3B2

7 Modeling MLS networks Strategy (using Constraints) Systems as flow-constraints between the levels of data that they store. Networks as flow-constraints that represent the channels that connect systems S TS U S U S B2 B1 B3 A B C

8 Modeling MLS networks Strategy (using Constraints) Systems as flow-constraints between the levels of data that they store. Networks as flow-constraints that represent the channels that connect systems Soft constraint semi-ring as assurance levels S TS U S U S B2 B1 B3 A B C

9 Modeling MLS networks Strategy (using Constraints) Systems as flow-constraints between the levels of data that they store. Networks as flow-constraints that represent the channels that connect systems Soft constraint semi-ring as assurance levels Cascade Detection: finding cascades. S TS U S U S B2 B1 B3 A B C

10 Modeling MLS networks Strategy (using Constraints) Systems as flow-constraints between the levels of data that they store. Networks as flow-constraints that represent the channels that connect systems Soft constraint semi-ring as assurance levels Cascade Detection: finding cascades. S TS U S U S B2 B1 B3 A B C

11 U S TS B S A U S C S D Ex1: Cascade Free Path

12 U S TS B S A U S C S D TsATsA TdATdA TsBTsB SdBSdB SsCSsC *1s*1s UdCUdC *1d*1d S U S U S B2 B1 B3 A C

13 TsATsA TdATdA TsBTsB SdBSdB SsCSsC *1s*1s UdCUdC *1d*1d Ex1: Cascade Free Path U S TS B S A U S C S D E  = max( {0,0,3,0,1,0,0} ) = 3 R(T s A,S d B ) R(T s A,U d C ) R(T S A, * 1 d ) R  = max( {2,3,0} ) = 3

14 U S TS B S A U S C S D Ex2: Cascading Path

15 U S TS B S A U S C S D S U S A C S D C2 B2 B1

16 Ex2: Cascading Path U S TS B S A U S C S D TsATsA SsDSsD SsCSsC *1s*1s SdASdA SdDSdD UdCUdC *1d*1d E  = max( {2,0,0,0,1,0,0} ) = 2 R(T s A,S d D ) R(T s A,U d C ) R(T s A,* 1 d ) R  = max( {2,3,0} ) = 3

17 Conclusion Secure interoperation is difficult! Remember: when you compose two secure systems you could obtain a not secure system! In real life: Add comunications only when really needed!

18

19 Questions? Thank you for your attention

20 Crisp toward soft constraints P={ x3x3 x4x4 x1x1 x2x2 V, {red,blue,yellow} {blue,yellow} {red,blue} {yellow} D, C={pairwise-different} C, PC, con, def, a} x1x1 x2x2 x3x3 x4x4 combination projection

21 Crisp toward soft constraints x3x3 x4x4 x1x1 x2x2 {red,blue,yellow} {blue,yellow} {red,blue} {yellow} C={pairwise-different} 5$ 3$ 2$ 15$ x1x1 x2x2 x3x3 x4x4 Combination (+) Projection (min) 15$ 13$ Probabilistic Fuzzy Classical Weighted C-semiring :

22 The Semiring Framework A c-semiring is a tuple such that: A is the set of all consistency values and 0, 1  A. 0 is the lowest consistency value and 1 is the highest consistency value; +, the additive operator, is a closed, commutative, associative and idempotent operation such that 1 is its absorbing element and 0 is its unit element; ×, the multiplicative operator, is a closed and associative operation such that 0 is its absorbing element, 1 is its unit element and × distributes over +. Stefano Bistarelli, Ugo Montanari, and Francesca Rossi, Semiring-based Constraint Solving and Optimization Journal of the ACM, 44(2):201–236, Mar Stefano Bistarelli, Ugo Montanari, and Francesca Rossi, Semiring-based Constraint Solving and Optimization Journal of the ACM, 44(2):201–236, Mar 1997.

23 Semiring-based Constraints Given a semiring, an ordered set of variables V over a finite domain D, a constraint is a function which maps an assignment  of the variables in the support of c, supp(c) to an element of A. Notation c  represents the constraint function c evaluated under instantiation , returning a semiring value. Given two constraints c 1 and c 2, their combination is defined as (c 1  c 2 )  = c 1  ×c 2 . The operation  C represents the combination of a set of constraints C. a · b iff a+b=b c 1 v c 2 iff 8  c 1  · c 2  Stefano Bistarelli, Ugo Montanari and Francesca Rossi, Soft Concurrent Constraint Programming, Proceedings of ESOP-2002, LNCS, April Stefano Bistarelli, Ugo Montanari and Francesca Rossi, Soft Concurrent Constraint Programming, Proceedings of ESOP-2002, LNCS, April 2002.


Download ppt "Special systems: MLS Multilevel security [“Red book” US-DOD 1987] Considers the assurance risk when composing multilevel secure systems evaluated under."

Similar presentations


Ads by Google