Presentation is loading. Please wait.

Presentation is loading. Please wait.

Complex Security Policies Dave Andersen Advanced Operating Systems Georgia State University.

Published byNoah Evans Modified over 8 years ago

Similar presentations

Presentation on theme: "Complex Security Policies Dave Andersen Advanced Operating Systems Georgia State University."— Presentation transcript:

1 Complex Security Policies Dave Andersen Advanced Operating Systems Georgia State University

2 Part 1 Presentation of Material from Text Book Chapter 8.6.1

3 Stateless vs. State-Dependent Security Policies  The Access Control List (ACL) and Capability List (CL) security models are stateless. Properties remain fixed unless explicitly changed by the server.  Complex Access Control Policies are state dependent. Authorization of access depends on subjects past history and interaction with other objects. [1998 Chow and Johnson]

4 Information Flow Control  When information flow is built on lattices information can only flow between components of the lattice in the direction the lattice permits.  Flow properties of the lattice model include: Transitivity: A->B and B->C implies A->C Aggregation: A->C and B->C implies A U B ->C Separability: A U B ->C implies A->C and B->C  Some applications require information flow which violates properties of the lattice. [1998 Chow and Johnson]

5 Exceptions to Lattice Model [1998 Chow and Johnson]

6 Example of a Complex Access Control Policy Computer Automated Bank Loan Application Only clerk(S 1 ) can prepare loan application (write permissions for object O). One of two bank officers, the manager (S 2 ) or accountant (S 3 ) (but not both) must approve the application (append permissions). Approved loan is the appended with electronic check signed by both bank manager (S 2 ) and cashier (S 4 ).

7 Graphical Representation [1998 Chow and Johnson]

8 Security Issues  Only subjects with write permissions can alter electronic document.  Must be able to authenticate digital signatures.  Enforce a transitivity exception to write access: clerk cannot alter document once it has been approved.  Enforce sequence order of writes: application, approval, then check.  Enforce aggregation exception: either manager or accountant approves loan, not both (and therefore once approved by one it cannot be disapproved by another).  Check must be signed by both manager and cashier (separation exception). [1998 Chow and Johnson]

9 Challenge: Simple Model for Implementing Complex Policy  First two issues (write permissions and digital signatures) are solved.  As of book publishing – solution doesn’t exist for the others.  First Possibility - Maintain Finite State Machines for each object. Unfortunately, not simple or efficient.  Second Possibility: Boolean representation of access rules. ACE w (O) = A+ B XOR C + B AND D Achieves simplicity and efficiency, but lacks state information for proper rule enforcement. [1998 Chow and Johnson]

10 Storing State Information  Storing State Information on Server File must be updated with each access.  Storing State Information on Client: Eliminates need to update file with every access. But, may affect clients ability to access other objects. And, difficult to propagate state information to other clients.  Author’s Conclusion: Use Server.

11 Part 2 Current Research

12  A Software Architecture for Automatic Security Policy Enforcement in Distributed Systems [2007 Hamdi, Bouhoula, Mosbah]  Authors propose: Policy Specification Tool Enforcement and Verification Engine Automatically Generated Enforcement Mechanisms

13 Policy Programming Language  PPL is used to define the policies and rules that apply to an object or group of objects and the actions that should be taken when a constraint is matched.  Uses Backus–Naur Form (BNF) Syntax

14 Proposed System Architecture [2007 Hamdi, Bouhoula, and Mosbah]

15 Policy Enforcement  Portability - PPL is compiled into monitors and configurations for a specific system platform.  PPL compilation allows for the detection of policy conflicts.  All security checks and state management operations occur at entry and exit of policy enforcement point.

16 Part 3 Future Directions

17 Automated Security Testing? Security Policies can be very complex— Can a program/system be developed to either prove or disprove (find security holes) in a set of rules or policies of a given system.

18 References  Randy Chow and Theodore Johnson, Distributed Operating Systems & Algorithms, Addison Wesley Longman, Inc., Reading, MA, 1997.  H. Hamdi, A. Bouhoula, M. Mosbah, “A Software Architecture for Automatic Security Policy Enforcement in Distributed Systems”, SecureWare 2007, The International Conference on Emerging Security Information Systems and Technologies, October 14-20, 2007, pages 187-192.

19 Questions?

Download ppt "Complex Security Policies Dave Andersen Advanced Operating Systems Georgia State University."

Similar presentations

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.

Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.
Seyedehmehrnaz Mireslami, Mohammad Moshirpour, Behrouz H. Far Department of Electrical and Computer Engineering University of Calgary, Canada {smiresla,

Seyedehmehrnaz Mireslami, Mohammad Moshirpour, Behrouz H. Far Department of Electrical and Computer Engineering University of Calgary, Canada {smiresla,
Copyright © 1998 by Addison Wesley Longman, Inc. 1 Chapter One Preliminaries, including –Why study PL concepts? –Programming domains –PL evaluation criteria.

Copyright © 1998 by Addison Wesley Longman, Inc. 1 Chapter One Preliminaries, including –Why study PL concepts? –Programming domains –PL evaluation criteria.
Issues Relevant To Distributed Security xuhong Zhang.

Issues Relevant To Distributed Security xuhong Zhang.
Vinay Kumar Madhadi 10/28/2009 CSC-8320. Outline  Part 1 : Mandatory Flow Control Models? MAC vs. DAC Information Flow Control  Part 2 : Different Models-Lattice.

Vinay Kumar Madhadi 10/28/2009 CSC Outline  Part 1 : Mandatory Flow Control Models? MAC vs. DAC Information Flow Control  Part 2 : Different Models-Lattice.
Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.

Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
By Mary Anne Poatsy, Keith Mulbery, Eric Cameron, Jason Davidson, Rebecca Lawson, Linda Lau, Jerri Williams Chapter 9 Fine-Tuning the Database 1 Copyright.

By Mary Anne Poatsy, Keith Mulbery, Eric Cameron, Jason Davidson, Rebecca Lawson, Linda Lau, Jerri Williams Chapter 9 Fine-Tuning the Database 1 Copyright.
8.2 Discretionary Access Control Models Weiling Li.

8.2 Discretionary Access Control Models Weiling Li.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Mi-Joung choi, Hong-Taek Ju, Hyun-Jun Cha, Sook-Hyang Kim and J

Mi-Joung choi, Hong-Taek Ju, Hyun-Jun Cha, Sook-Hyang Kim and J
1 SWE 205 - Introduction to Software Engineering Lecture 22 – Architectural Design (Chapter 13)

1 SWE Introduction to Software Engineering Lecture 22 – Architectural Design (Chapter 13)
©TheMcGraw-Hill Companies, Inc. Permission required for reproduction or display. COMPSCI 125 Introduction to Computer Science I.

©TheMcGraw-Hill Companies, Inc. Permission required for reproduction or display. COMPSCI 125 Introduction to Computer Science I.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Application architectures

Application architectures
©TheMcGraw-Hill Companies, Inc. Permission required for reproduction or display. COMPSCI 125 Introduction to Computer Science I.

©TheMcGraw-Hill Companies, Inc. Permission required for reproduction or display. COMPSCI 125 Introduction to Computer Science I.
Agent-Based Acceptability-Oriented Computing International Symposium on Software Reliability Engineering Fast Abstract by Shana Hyvat.

Agent-Based Acceptability-Oriented Computing International Symposium on Software Reliability Engineering Fast Abstract by Shana Hyvat.
Mandatory Flow Control Bismita Srichandan. Outline Mandatory Flow Control Models Information Flow Control Lattice Model Multilevel Models –The Bell-LaPadula.

Mandatory Flow Control Bismita Srichandan. Outline Mandatory Flow Control Models Information Flow Control Lattice Model Multilevel Models –The Bell-LaPadula.

Similar presentations

Ads by Google