Presentation is loading. Please wait.

Presentation is loading. Please wait.

Confidentiality Policies  Overview  What is a confidentiality model  Bell-LaPadula Model  General idea  Informal description of rules  Formal description.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Confidentiality Policies  Overview  What is a confidentiality model  Bell-LaPadula Model  General idea  Informal description of rules  Formal description."— Presentation transcript:

1 Confidentiality Policies  Overview  What is a confidentiality model  Bell-LaPadula Model  General idea  Informal description of rules  Formal description of rules Computer Security: Art and Science ©2002-2004 Matt Bishop

2 Confidentiality Policy  Goal: prevent the unauthorized disclosure of information  Deals with information flow  Integrity incidental  Multi-level security models are best-known examples  Bell-LaPadula Model basis for many, or most, of these Computer Security: Art and Science ©2002-2004 Matt Bishop

3 “Governmental” policies  US Privacy Act  Income tax returns are confidential  Executive privilege  People working in the government must limit the distribution of certain docs and info. Computer Security: Art and Science ©2002-2004 Matt Bishop

4 Bell-LaPadula Model, Step 1  Security levels arranged in linear ordering  Top Secret: highest  Secret  Confidential  Unclassified: lowest  Levels consist of security clearance L(s)  Objects have security classification L(o)  Subjects have security clearance L(s) Computer Security: Art and Science ©2002-2004 Matt Bishop

5 Example security levelsubjectobject Top SecretTamaraPersonnel Files SecretSamuelE-Mail Files ConfidentialClaireActivity Logs UnclassifiedAndrewTelephone Lists Computer Security: Art and Science ©2002-2004 Matt Bishop Tamara can read all files Claire cannot read Personnel or E-Mail Files Andrew can only read Telephone Lists

6 Reading Information  Information flows up, not down  “Reads up” disallowed, “reads down” allowed  Simple Security Condition (Step 1)  Subject s can read object o iff, L(o) ≤ L(s) and s has permission to read o  Note: combines mandatory control (relationship of security levels) and discretionary control (the required permission)  Sometimes called “no reads up” rule Computer Security: Art and Science ©2002-2004 Matt Bishop

7 Writing Information  Information flows up, not down  “Writes up” allowed, “writes down” disallowed  *-Property (Step 1)  Subject s can write object o iff L(s) ≤ L(o) and s has permission to write o  Note: combines mandatory control (relationship of security levels) and discretionary control (the required permission)  Sometimes called “no writes down” rule  If Tamara copies from the Personnel file to an Activity log, then Claire and Samuel can see the data from the Personnel file. Computer Security: Art and Science ©2002-2004 Matt Bishop

8 Basic Security Theorem, Step 1  If a system is initially in a secure state,  and every transition of the system satisfies  the simple security condition, step 1(i.e. “no reads up”,  and the *-property, step 1(i.e. “no writes down”,  then every state of the system is secure Computer Security: Art and Science ©2002-2004 Matt Bishop

9 Bell-LaPadula Model, Step 2  Expand notion of security level to include categories  Security level is (clearance, category set)  Examples  ( Top Secret, { NUC, EUR, ASI } )  ( Confidential, { EUR, ASI } )  ( Secret, { NUC, ASI } ) Computer Security: Art and Science ©2002-2004 Matt Bishop

10 Lattice Computer Security: Art and Science ©2002-2004 Matt Bishop

11 Levels and Lattices  (A, C) dom (A, C) iff A ≤ A and C  C  A – clearance or classification  C – category (also called compartment)  Examples  (Top Secret, {NUC, ASI}) dom (Secret, {NUC})  (Secret, {NUC, EUR}) dom (Confidential,{NUC, EUR})  (Top Secret, {NUC})  dom (Confidential, {EUR}) Computer Security: Art and Science ©2002-2004 Matt Bishop

12 Levels and Ordering  Security levels partially ordered  Any pair of security levels may (or may not) be related by dom  “dominates” serves the role of “greater than” in step 1  “greater than” is a total ordering, though Computer Security: Art and Science ©2002-2004 Matt Bishop

13 Reading Information  Information flows up, not down  “Reads up” disallowed, “reads down” allowed  Simple Security Condition (Step 2)  Subject s can read object o iff L(s) dom L(o) and s has permission to read o  Note: combines mandatory control (relationship of security levels) and discretionary control (the required permission)  Sometimes called “no reads up” rule Computer Security: Art and Science ©2002-2004 Matt Bishop

14 Writing Information  Information flows up, not down  “Writes up” allowed, “writes down” disallowed  *-Property (Step 2)  Subject s can write object o iff L(o) dom L(s) and s has permission to write o  Note: combines mandatory control (relationship of security levels) and discretionary control (the required permission)  Sometimes called “no writes down” rule Computer Security: Art and Science ©2002-2004 Matt Bishop

15 Basic Security Theorem, Step 2  If a system is initially in a secure state, and every transition of the system satisfies the simple security condition, step 2, and the *-property, step 2, then every state of the system is secure Computer Security: Art and Science ©2002-2004 Matt Bishop

16 Problem  Colonel has (Secret, {NUC, EUR}) clearance  Major has (Secret, {EUR}) clearance  Major can talk to colonel (“write up” or “read down”)  Colonel cannot talk to major (“read up” or “write down”)  Clearly absurd! Computer Security: Art and Science ©2002-2004 Matt Bishop

17 Solution  Define maximum, current levels for subjects  maxlevel(s) dom curlevel(s)  Example  Treat Major as an object (Colonel is writing to him/her)  Colonel has maxlevel (Secret, { NUC, EUR })  Colonel sets curlevel to (Secret, { EUR })  Now L(Major) dom curlevel(Colonel)  Colonel can write to Major without violating “no writes down” Computer Security: Art and Science ©2002-2004 Matt Bishop

Download ppt "Confidentiality Policies  Overview  What is a confidentiality model  Bell-LaPadula Model  General idea  Informal description of rules  Formal description."

Similar presentations

Information Flow and Covert Channels November, 2006.

Information Flow and Covert Channels November, 2006.
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
Lecture 8 Access Control (cont)

Lecture 8 Access Control (cont)
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 13: Trusted Computing and Multilevel.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 13: Trusted Computing and Multilevel.
Access Control Methodologies

Access Control Methodologies
I NFORMATION S ECURITY : C ONFIDENTIALITY P OLICIES (C HAPTER 4) Dr. Shahriar Bijani Shahed University.

I NFORMATION S ECURITY : C ONFIDENTIALITY P OLICIES (C HAPTER 4) Dr. Shahriar Bijani Shahed University.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula Model –General idea –Informal description of rules.

Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula Model –General idea –Informal description of rules.
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Information Security Principles & Applications Topic 6: Security Policy Models 虞慧群

Information Security Principles & Applications Topic 6: Security Policy Models 虞慧群
1 Confidentiality Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 18, 2004.

1 Confidentiality Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 18, 2004.
June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality.
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality.
Sicurezza Informatica Prof. Stefano Bistarelli

Sicurezza Informatica Prof. Stefano Bistarelli
User Domain Policies.

User Domain Policies.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.
April 15, 2004ECS 235Slide #1 Policy Languages Express security policies in a precise way High-level languages –Policy constraints expressed abstractly.

April 15, 2004ECS 235Slide #1 Policy Languages Express security policies in a precise way High-level languages –Policy constraints expressed abstractly.
7/15/2015 5:04 PM Lecture 4: Bell LaPadula James Hook CS 591: Introduction to Computer Security.

7/15/2015 5:04 PM Lecture 4: Bell LaPadula James Hook CS 591: Introduction to Computer Security.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

Similar presentations

Ads by Google