Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.

Similar presentations

Presentation on theme: "CSE331: Introduction to Networks and Security Lecture 34 Fall 2002."— Presentation transcript:

1 CSE331: Introduction to Networks and Security Lecture 34 Fall 2002

2 CSE331 Fall 20022 Announcements Project 4 Deadline Extended –Due: Monday, December 9 th December 9 th Review Session Final Exam Location –Moore 212 –Tues. 17 Dec. –8:30 – 10:30 AM

3 CSE331 Fall 20023 Recap Malicious Programs –Trapdoors –Trojan horses –Salami attacks –Information leaks from covert channels Today –Multilevel security –Course Evaluations

4 CSE331 Fall 20024 Classic Security Research The Protection of Information in Computer Systems –Jerome H. Saltzer and Michael D. Schroeder –1975 Proceedings of the IEEE –

5 CSE331 Fall 20025 Access Control Discretionary: The individual user may, at his own discretion, determine who is authorized to access the objects he creates. Mandatory: The creator of an object does not necessarily have the ability to determine who has authorized access to it.

6 CSE331 Fall 20026 Trusted Computing Base TCB: The set of hardware and software components that must be trusted in order for a security policy to be enforced. Minimize the trusted computing base. –Fewer trusted components means less complex implementation, less likely to have errors. –Does fewer components mean more susceptible to attack?

7 CSE331 Fall 20027 Multilevel Security Multiple levels of confidentiality ratings –Used by military and government –Public < Classified < Secret < Top Secret Information flow –Regulate how information is used throughout entire system –A document generated from Classified and Secret information must be rated Secret. –Label creep: Information levels tend to get higher as computation proceeds.

8 CSE331 Fall 20028 Information Flow Security “No read up, no write down.” –Principals are assigned clearance levels drawn from the lattice of security labels. –A principal may read items with lower (or equal) security label. –A principal may write items with higher (or equal) security label.

9 CSE331 Fall 20029 Implementing Multilevel Security Dynamic: –Tag all values in memory with their security level –Operations propagate security levels –Must be sure that tags can’t be modified –Expensive, and approximate Static: –Program analysis

10 CSE331 Fall 200210 Information Flow int{Secret} X; … if (X > 0) then { Y = 1; } else { Y = 0; } //… This computation doesn’t depend on X

11 CSE331 Fall 200211 Government Standards Department of Defense Trusted Computer System Evaluation Criteria (TCSEC) –Known as the Orange Book –Circa 1985

12 CSE331 Fall 200212 TCSEC Ratings Division (D): Minimal Protection –This division contains only one class. It is reserved for those systems that have been evaluated but that fail to meet the requirements for a higher evaluation class. Division (C): Discretionary Protection –Classes in this division provide for discretionary (need-to-know) protection and, through the inclusion of audit capabilities, for accountability of subjects and the actions they initiate.

13 CSE331 Fall 200213 TCSEC Ratings Division (B): Mandatory Protection –The notion of a TCB that preserves the integrity of sensitivity labels and uses them to enforce a set of mandatory access control rules is a major requirement in this division. Systems in this division must carry the sensitivity labels with major data structures in the system. The system developer also provides the security policy model on which the TCB is based and furnishes a specification of the TCB. Evidence must be provided to demonstrate that the reference monitor concept has been implemented.

14 CSE331 Fall 200214 TCSEC Ratings Division (A): Verified Protection –This division is characterized by the use of formal security verification methods to assure that the mandatory and discretionary security controls employed in the system can effectively protect classified or other sensitive information stored or processed by the system. Extensive documentation is required to demonstrate that the TCB meets the security requirements in all aspects of design, development and implementation.

15 CSE331 Fall 200215 Example Rated Software Oracle Corporation Trusted Oracle7 (B1)Trusted Oracle7 Novell, Incorporated NetWare 4.11 (C2)NetWare 4.11 Microsoft Corporation Windows NT, Version 3.5 (C2)Windows NT, Version 3.5

16 CSE331 Fall 200216 TEMPEST Security Transient Electromagnetic Pulse Emanation Standard –(Or?) Temporary Emanation and Spurious Transmission –Emission security (Van Eck phreaking) –computer monitors and other devices give off electromagnetic radiation –With the right antenna and receiver, these emanations can be intercepted from a remote location, and then be redisplayed (in the case of a monitor screen) or recorded and replayed (such as with a printer or keyboard).

17 CSE331 Fall 200217 TEMPEST Policy is set in National Communications Security Committee Directive 4 Guidelines for preventing EM reception –Shield the device (expensive) –Shield a location (inconvenient?) Not a risk? –Most of the guidelines are classified!

Download ppt "CSE331: Introduction to Networks and Security Lecture 34 Fall 2002."

Similar presentations

Ads by Google