Chapter 7 Multilevel Security


1 Chapter 7 Multilevel Security
What everyone can learn from military and government application security

2 Military
- Huge amount of money spent on computer science research
- Products developed will find themselves in commercial applications
- Commercial systems use multilevel security
- Multilevel systems are also applied where not necessary or required

Why study military applications? Because the research money spent there produces products and ideas that end up in commercial systems.

3 Security Policy
- What is a security policy?
- Who determines need-to-know, and how?
- How is it enforced, and what are the consequences?
- How do we detect breaches?

A security policy must clearly and concisely state what the protection mechanisms are to achieve.

4 Bell-LaPadula Security Policy Model (BLP)
- Classifications and clearances
- Rules and controls built around these clearances, including software
- Known as MultiLevel Security (MLS)
- Basic property: information cannot flow downward
- No Read Up (NRU)
- No Write Down (NWD)
- High Water Mark
- Role Based Access Control (RBAC)

BLP was developed in 1973 in response to the Air Force realizing that commercial operating systems had poor security; that software, including the OS, had bugs that could be exploited; that malicious code was a growing threat; and that operating systems (including the Pentagon's command and control system) were vulnerable to Trojan Horse attacks. Interesting that the same things were true in 1973 as today.

NATO moved to a common marking scheme: Top Secret, Secret, Confidential, Open. These quickly became complex, with new levels and differences within NATO; special code words complicate it further.

No Read Up (NRU): it makes sense that you cannot read anything at a clearance level above your own.

No Write Down (NWD): concern about malicious code caused this rule, so that no malicious code could be placed where someone with a higher clearance would run it and have it write data down to a lower clearance. Interestingly, buggy and malicious code is assumed to be a given.

High Water Mark: processes in MLS systems accumulate the highest level they have touched as they run. A process starts at the uncleared level; if it then reads a confidential document it is upgraded to that level, since it now has that data in memory; and so on. The highest security level a process reaches is its high water mark, and everything it writes out is labelled at that level for protection.

RBAC: the current trend is role based access control, where the rights to perform transactions are based on roles, and mechanisms exist for granting and delegating those roles. This is similar to the groups currently used in most directory services, and in fact you see them moving towards role terminology.
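The NRU and NWD rules and the high-water-mark behaviour described above, as an added example that is not part of the slides or of any real MLS product. The level names are the four from the lecture; the process names, file names and the Trojan scenario are constructed for the example.

```python
# Added example (not from the slides): a toy Bell-LaPadula reference monitor
# on a linear lattice, with the high-water-mark variant for processes.
from dataclasses import dataclass, field

# Linear ordering of markings used in the lecture; a higher index dominates.
LEVELS = ["Open", "Confidential", "Secret", "Top Secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


def dominates(a: str, b: str) -> bool:
    """True when label a is at least as high in the lattice as label b."""
    return RANK[a] >= RANK[b]


@dataclass
class Process:
    """A subject under the high-water-mark variant of BLP."""
    name: str
    clearance: str                 # maximum level the user is cleared for
    current: str = "Open"          # high water mark; processes start uncleared
    log: list = field(default_factory=list)

    def read(self, obj: str, label: str) -> bool:
        """Simple security property: no read up (NRU)."""
        if not dominates(self.clearance, label):
            self.log.append(f"DENY  read  {obj} [{label}]: above clearance {self.clearance}")
            return False
        # Once the data is in memory the process rises to that level and
        # never drops back: this is the high water mark.
        if dominates(label, self.current):
            self.current = label
        self.log.append(f"ALLOW read  {obj} [{label}]: process now at {self.current}")
        return True

    def write(self, obj: str, label: str) -> bool:
        """*-property: no write down (NWD), judged against the current level."""
        if not dominates(label, self.current):
            self.log.append(f"DENY  write {obj} [{label}]: process is at {self.current}")
            return False
        self.log.append(f"ALLOW write {obj} [{label}]")
        return True


def trojan_scenario() -> dict:
    """Why NWD exists: a Secret-cleared user runs an untrusted editor that,
    after reading a Secret file, tries to copy it into an Open file.
    All names here are constructed for the example."""
    editor = Process("editor", clearance="Secret")
    read_ok = editor.read("plan.doc", "Secret")          # allowed; mark rises to Secret
    leak_ok = editor.write("public/notes.txt", "Open")   # blocked: write down
    up_ok = editor.write("ts_inbox", "Top Secret")       # write up is permitted by BLP
    return {"read": read_ok, "leak": leak_ok, "write_up": up_ok,
            "level": editor.current, "log": editor.log}


if __name__ == "__main__":
    for line in trojan_scenario()["log"]:
        print(line)
```

The write check compares against the process's current level, not the user's clearance: that is exactly what lets the high water mark stop the editor from leaking, even though the user who launched it is allowed to create Open files before reading anything Secret.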

5 Biba Model
- Confidentiality and integrity are dual concepts
- Confidentiality: who can read
- Integrity: who can write
- Often need to protect integrity with no concern for confidentiality
- Read up, write down
- Used to build many systems
- Often called the low-water-mark policy
- The LOMAC Linux extension uses it

A railroad passenger information system may read up to the switching information but not change it. LOMAC will only allow access to things at the low water mark: if a system process receives network traffic at a lower level, it automatically degrades to that level.
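The Biba rules as the dual of BLP, with the railroad example and the LOMAC demotion from above, as an added example that is not part of the slides and not LOMAC's own code. The integrity level names ("network", "user", "system") and the process names are constructed for the example.

```python
# Added example (not from the slides): Biba integrity rules, strict and
# low-water-mark (LOMAC-style) variants, on a constructed integrity lattice.
from dataclasses import dataclass

# Integrity lattice, low to high. Names are constructed for the example.
INTEGRITY = ["network", "user", "system"]
IRANK = {name: i for i, name in enumerate(INTEGRITY)}


def at_least(a: str, b: str) -> bool:
    """True when integrity label a is at least as trustworthy as b."""
    return IRANK[a] >= IRANK[b]


@dataclass
class Process:
    name: str
    integrity: str   # current integrity level; under LOMAC it only ever drops

    def strict_biba_read(self, label: str) -> bool:
        """Strict Biba: no read down. Reading from a less trusted source is
        refused so the process cannot be contaminated. Reading up is fine."""
        return at_least(label, self.integrity)

    def lomac_read(self, label: str) -> bool:
        """Low water mark: the read is allowed, but the process sinks to the
        integrity of what it read, so tainted input can never be written
        back into high-integrity objects."""
        if not at_least(label, self.integrity):
            self.integrity = label
        return True

    def write(self, label: str) -> bool:
        """No write up: a subject may only modify objects at or below its
        own integrity (the dual of BLP's no write down)."""
        return at_least(self.integrity, label)


def railway_example() -> dict:
    """The passenger information display may read switching data but
    must not be able to change it."""
    display = Process("passenger_info", "user")
    return {
        "can_read_switching": display.strict_biba_read("system"),   # read up: allowed
        "can_write_switching": display.write("system"),             # write up: denied
    }


def lomac_example() -> dict:
    """A system daemon that consumes network traffic is demoted to the
    network level and can no longer touch system-integrity files."""
    daemon = Process("daemon", "system")
    before = daemon.write("system")
    daemon.lomac_read("network")
    after = daemon.write("system")
    return {"before": before, "after": after, "level": daemon.integrity,
            "can_still_write_network": daemon.write("network")}


if __name__ == "__main__":
    print(railway_example())
    print(lomac_example())
```

Strict Biba and LOMAC differ only in what happens on a read down: strict Biba refuses it, LOMAC permits it and pays for it by demoting the reader, which is the behaviour the slide describes for a process that receives lower-level network traffic.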

6 MultiLevel security systems
- Secure Communications Processor (SCOMP), 1983
- DOD-sponsored MLS Unix
- NRL Pump
- Logistics information
- Purple Penelope
- Future

SCOMP, developed by Honeywell, was a derivative of Multics.

Various MLS-compliant versions of Unix were developed; AT&T's V/MLS is one example. It allowed windowing: someone at Top Secret could have a Top Secret document open and be composing a Secret document, with both open at once, but not be able to cut and paste between them.

The Naval Research Laboratory developed a pump. This is used to pump data from a lower level to a higher level with protection from leakage down (see page 148).

Military warehouse information may also need the same classifications attached to the elements, such as top secret for nuclear bombs and unclassified for boot laces. Again this must be protected, and the software to do this has become very costly.

Purple Penelope is an NT workstation MLS wrapper. It uses the high-water-mark version of BLP.

Future: the MLS industry sees its tools as an important platform for commercial products likely to come under attack. These years of effort have developed products able to withstand many types of attacks.

7 What goes wrong
- Composability
- Cascade problem
- Covert channels
- Threat from viruses
- Polyinstantiation
- MLS systems are very costly
- Application software needs to be rewritten to run on an MLS system
- Other issues pointed out on the pages

Composability: feedback can lead to the composition of two secure systems being insecure; timing issues can likewise make the composition of two secure systems insecure.

Cascade (see diagram): one system can only process Top Secret and Secret, the other can only process Unclassified and Secret. Connecting them violates this rule.

Covert channels can arise when a high process can signal a low process through a shared device like a hard drive. Remember that this stuff is just built onto existing hardware, so information could pass from high to low if malicious code were developed to signal through a hard drive.

Threat from viruses: even with the security of MLS, viruses have been written to attack MLS systems.

Polyinstantiation: if a high user creates a file named agents and a low user tries to do the same, the error message can give away that there is a high file called agents. Or if a high user allocates cargo to a ship, the low user cannot see that information, may think the ship is empty, and may try to allocate cargo to it. Again, preventing this can divulge information.
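The cascade problem from above, as an added example that is not part of the slides: a check that flags when connecting individually accredited systems yields a network whose combined range is wider than any one of them was assured to separate. The system names, their accredited ranges and the links are constructed; the two linked systems mirror the slide's Top Secret/Secret and Secret/Unclassified pair (with "Open" standing in for Unclassified, as in the lecture's marking list).

```python
# Added example (not from the slides): detecting the cascade problem in a
# constructed network of MLS systems joined by links at a shared level.
from collections import deque

LEVELS = ["Open", "Confidential", "Secret", "Top Secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Constructed accreditation table: (lowest, highest) level each system is
# trusted to keep separate. Names are invented for the example.
SYSTEMS = {
    "alpha": ("Secret", "Top Secret"),    # like the slide's TS/S system
    "beta": ("Open", "Secret"),           # like the slide's U/S system
    "gamma": ("Open", "Confidential"),    # standalone, for contrast
}
# Links carry data at one level; the slide's two systems share Secret.
LINKS = [("alpha", "beta", "Secret")]


def span(low: str, high: str) -> int:
    """Number of level steps a range covers."""
    return RANK[high] - RANK[low]


def link_is_valid(systems: dict, a: str, b: str, level: str) -> bool:
    """A link is only legal if its level lies inside both systems' ranges."""
    return all(RANK[systems[s][0]] <= RANK[level] <= RANK[systems[s][1]]
               for s in (a, b))


def components(systems: dict, links: list) -> list:
    """Connected components of the network formed by the valid links."""
    adj = {s: set() for s in systems}
    for a, b, level in links:
        if link_is_valid(systems, a, b, level):
            adj[a].add(b)
            adj[b].add(a)
    seen, result = set(), []
    for start in systems:
        if start in seen:
            continue
        comp, queue = set(), deque([start])
        while queue:
            s = queue.popleft()
            if s in comp:
                continue
            comp.add(s)
            queue.extend(adj[s] - comp)
        seen |= comp
        result.append(comp)
    return result


def find_cascades(systems: dict, links: list) -> list:
    """Flag every connected group whose combined range is wider than any
    single member is accredited for: a chain of links lets data step from
    the top of one system to the bottom of another, and no single system
    was assured to prevent that whole drop."""
    flagged = []
    for comp in components(systems, links):
        low = min((systems[s][0] for s in comp), key=RANK.get)
        high = max((systems[s][1] for s in comp), key=RANK.get)
        widest_single = max(span(*systems[s]) for s in comp)
        if span(low, high) > widest_single:
            flagged.append((sorted(comp), low, high))
    return flagged


if __name__ == "__main__":
    for members, low, high in find_cascades(SYSTEMS, LINKS):
        print(f"cascade: {members} jointly span {low}..{high}")
```

Each link here is legal on its own (Secret is inside both alpha's and beta's ranges), which is the whole point: the check has to look at the connected network rather than at any single connection to see that Top Secret data now has a two-hop path to an Open-capable system.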

8 Broader implications of MLS
- MLS, its development and its funding have spun off a lot of useful ideas
- The biggest hole in secure systems remains people
- Government and its levels of bureaucracy and secrecy will remain an issue for any system

9 Discussion
- What are some current security models and how are they being used?
- LOMAC and Linux
- MLS-based firewalls

10 Discussion articles
http://www.cisilion.com/netforensics.htm
- Firewalls, by "area"
  - ecommerce
  - inside out
  - partners
- Intrusion detection
  - 40,000 day one
- Forensic server product
- All outside web content cached
  - check for malware before caching
- Level 7 switches for load balancing web traffic

11 Discussion articles
- Google Chinese site: an interesting way to rebel against censorship...
- IPv6: current situation and stance; privacy issues of IPv6; cost of IPv6; an older article but great reasons to adopt IPv6; the IPv6 addressing scheme
- Threat modeling

12 List of Resources http://en.wikipedia.org/wiki/Bell-LaPadula_model

13 List of Resources Multi Level Security

14 List of Resources Role Based Access Control

15 List of Resources Biba model http://en.wikipedia.org/wiki/Biba_model

16 List of Resources LOMAC

17 List of Resources SCOMP

18 List of Resources MLS Unix / NRL pump / Purple Penelope

