CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.

1. CSE331: Introduction to Networks and Security, Lecture 34, Fall 2002

2. Announcements
Project 4 Deadline Extended
  – Due: Monday, December 9th
December 9th Review Session
Final Exam Location
  – Moore 212
  – Tues. 17 Dec.
  – 8:30 – 10:30 AM

3. Recap
Malicious Programs
  – Trapdoors
  – Trojan horses
  – Salami attacks
  – Information leaks from covert channels
Today
  – Multilevel security
  – Course Evaluations

4. Classic Security Research
The Protection of Information in Computer Systems
  – Jerome H. Saltzer and Michael D. Schroeder
  – 1975 Proceedings of the IEEE
  – http://cap-lore.com/CapTheory/ProtInf/

5. Access Control
Discretionary: The individual user may, at his own discretion, determine who is authorized to access the objects he creates.
Mandatory: The creator of an object does not necessarily have the ability to determine who has authorized access to it.

6. Trusted Computing Base
TCB: The set of hardware and software components that must be trusted in order for a security policy to be enforced.
Minimize the trusted computing base.
  – Fewer trusted components means a less complex implementation that is less likely to have errors.
  – Do fewer components mean more susceptibility to attack?

7. Multilevel Security
Multiple levels of confidentiality ratings
  – Used by military and government
  – Public < Classified < Secret < Top Secret
Information flow
  – Regulate how information is used throughout entire system
  – A document generated from Classified and Secret information must be rated Secret.
  – Label creep: Information levels tend to get higher as computation proceeds.

8. Information Flow Security
“No read up, no write down.”
  – Principals are assigned clearance levels drawn from the lattice of security labels.
  – A principal may read items with lower (or equal) security label.
  – A principal may write items with higher (or equal) security label.
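The two rules on this slide, written as a small reference monitor. This is an added example, not code from the lecture: the `ReferenceMonitor` class, the object names and the "editor" subject are hypothetical, and the file contents are constructed. It shows why "no write down" matters: a program running at Secret clearance can read a Secret file, but its attempt to copy the contents into a Public file is refused and audited.

```python
from enum import IntEnum

class Level(IntEnum):  # ordering from the slides
    PUBLIC = 0
    CLASSIFIED = 1
    SECRET = 2
    TOP_SECRET = 3

class ReferenceMonitor:
    """Hypothetical monitor: every read and write goes through it and is audited."""
    def __init__(self):
        self.objects = {}  # name -> [label, contents]
        self.audit = []    # (subject, op, object, allowed)

    def create(self, name, label, data=""):
        self.objects[name] = [label, data]

    def _decide(self, subject, op, name, allowed):
        self.audit.append((subject, op, name, allowed))
        if not allowed:
            raise PermissionError(f"{subject} may not {op} {name}")

    def read(self, subject, clearance, name):
        label, data = self.objects[name]
        # No read up: the object's label must be <= the principal's clearance.
        self._decide(subject, "read", name, label <= clearance)
        return data

    def write(self, subject, clearance, name, data):
        label = self.objects[name][0]
        # No write down: the object's label must be >= the principal's clearance.
        self._decide(subject, "write", name, label >= clearance)
        self.objects[name][1] = data

def copy_down(rm, clearance):
    """A program running at `clearance` tries to copy a Secret file into a Public one."""
    data = rm.read("editor", clearance, "plan")      # allowed at Secret
    rm.write("editor", clearance, "bulletin", data)  # denied: write down

def demo():
    rm = ReferenceMonitor()
    rm.create("plan", Level.SECRET, "constructed sample text")
    rm.create("bulletin", Level.PUBLIC)
    try:
        copy_down(rm, Level.SECRET)
    except PermissionError:
        pass
    return rm.audit, rm.objects["bulletin"][1]
```
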

9. Implementing Multilevel Security
Dynamic:
  – Tag all values in memory with their security level
  – Operations propagate security levels
  – Must be sure that tags can’t be modified
  – Expensive, and approximate
Static:
  – Program analysis

10. Information Flow
  int{Secret} X;
  …
  if (X > 0) then { Y = 1; } else { Y = 0; }
  //… This computation doesn’t depend on X
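The dynamic approach from slide 9 applied to the branch on this slide, as an added example that is not part of the lecture. The `Tagged` wrapper and the "pc" (program counter) label are assumptions of this sketch. Tags that follow only data dependencies leave Y rated Public even though it reveals the sign of X; joining the guard's level into every assignment under the branch records that implicit flow. `report` shows the slide 7 rule that Classified combined with Secret yields Secret.

```python
from enum import IntEnum

class Level(IntEnum):  # ordering from the slides
    PUBLIC = 0
    CLASSIFIED = 1
    SECRET = 2
    TOP_SECRET = 3

class Tagged:
    """A value carrying its security level; operations propagate the tag."""
    def __init__(self, value, level=Level.PUBLIC):
        self.value, self.level = value, Level(level)

    def _join(self, other):
        # Least upper bound in a totally ordered lattice is simply max.
        return max(self.level, other.level)

    def __add__(self, other):
        return Tagged(self.value + other.value, self._join(other))

    def __gt__(self, other):
        return Tagged(self.value > other.value, self._join(other))

def branch_naive(x):
    # Only data dependencies are tracked: the constants assigned to y are
    # Public, so y stays Public although it depends on the secret guard.
    if (x > Tagged(0)).value:
        y = Tagged(1)
    else:
        y = Tagged(0)
    return y

def branch_with_pc(x):
    # The guard's level becomes the pc label and is joined into every
    # assignment made under the branch, capturing the implicit flow.
    guard = x > Tagged(0)
    pc = guard.level
    if guard.value:
        y = Tagged(1, max(Level.PUBLIC, pc))
    else:
        y = Tagged(0, max(Level.PUBLIC, pc))
    return y

def report(classified_part, secret_part):
    # Label creep: the result is rated at the join of its inputs.
    return classified_part + secret_part
```
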

11. Government Standards
Department of Defense Trusted Computer System Evaluation Criteria (TCSEC)
  – Known as the Orange Book
  – Circa 1985

12. TCSEC Ratings
Division (D): Minimal Protection
  – This division contains only one class. It is reserved for those systems that have been evaluated but that fail to meet the requirements for a higher evaluation class.
Division (C): Discretionary Protection
  – Classes in this division provide for discretionary (need-to-know) protection and, through the inclusion of audit capabilities, for accountability of subjects and the actions they initiate.

13. TCSEC Ratings
Division (B): Mandatory Protection
  – The notion of a TCB that preserves the integrity of sensitivity labels and uses them to enforce a set of mandatory access control rules is a major requirement in this division. Systems in this division must carry the sensitivity labels with major data structures in the system. The system developer also provides the security policy model on which the TCB is based and furnishes a specification of the TCB. Evidence must be provided to demonstrate that the reference monitor concept has been implemented.

14. TCSEC Ratings
Division (A): Verified Protection
  – This division is characterized by the use of formal security verification methods to assure that the mandatory and discretionary security controls employed in the system can effectively protect classified or other sensitive information stored or processed by the system. Extensive documentation is required to demonstrate that the TCB meets the security requirements in all aspects of design, development and implementation.

15. Example Rated Software
Oracle Corporation: Trusted Oracle7 (B1)
Novell, Incorporated: NetWare 4.11 (C2)
Microsoft Corporation: Windows NT, Version 3.5 (C2)

16. TEMPEST Security
Transient Electromagnetic Pulse Emanation Standard
  – (Or?) Temporary Emanation and Spurious Transmission
  – Emission security (Van Eck phreaking)
  – Computer monitors and other devices give off electromagnetic radiation
  – With the right antenna and receiver, these emanations can be intercepted from a remote location, and then be redisplayed (in the case of a monitor screen) or recorded and replayed (such as with a printer or keyboard).

17. TEMPEST
Policy is set in National Communications Security Committee Directive 4
Guidelines for preventing EM reception
  – Shield the device (expensive)
  – Shield a location (inconvenient?)
Not a risk?
  – Most of the guidelines are classified!

