Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 5 Network Security

Published bySharleen Taylor Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 5 Network Security"— Presentation transcript:

1 Chapter 5 Network Security
Chapter 5 – Designing Trusted Operating Systems

2 In this section What is a trusted system? Security Policy Models
Military Commercial Clark-Wilson Separation of Duty Chinese Wall Models Lattice Model Bell-La Padula Biba Graham-Denning Take-Grant

3 Designing Trusted OS Primary security in computing systems
Memory File Objects/Access Control User Authentication Trusted – We are confident that services are provided consistently and effectively

4 Making of a trusted OS Policy – requirements statement of what is should do Model – model of the environment to be secured; represents the policy to be enforced Design – the means of implementation; functionality and construction Trust – assurance of meeting expectation through the features offered

5 What is a trusted system?
What makes something secure? For how long? Trusted Software – rigorously developed and analyzed Key Characteristics of Trusted Software: Functional Correctness Enforcement of Integrity Limited Privilege Appropriate Confidence Level We speak in terms of trusted and not secure

6 Many types of Trust: Through: Trusted Process Trusted Product
Trusted Software Trusted Computing Base Trusted System Through: Enforcement of Security Policy Sufficiency of Measures and Mechanism Evaluation

7 Security Policy Security Policy – statement of the security we expect the system to enforce A trusted system can be trusted only in relation to its security policy…. To the security needs the system expected to satisfy

8 Military Security Policy
Basis of many OS security policies Based on protecting classified information Top Secret (most sensitive), Secret, Confidential, Restricted, Unclassified (least sensitive) Limited by the Need-to-Know rule: Access is allowed only to subjects who need to know data to perform job. Compartments- classification information may be associated with one or more projects describing the subject matter of the information

9

10

11 Classification - <rank; compartments>
This enforces need-to-know both by security level and by topic Clearance – person is trusted to access information up to a given level of sensitivity with need-to-know Dominance, on a set of Objects (0) and Subjects (s) s ≤ o if and only if rank(s) ≤ rank (0) and compartments (s) ⊆ compartments(0) We say 0 dominates s (or s is dominated by o) Dominance is used to limit the sensitivity and content of information a subject can access As subject can read an object only if: clearance level of the subject is at least as high as the information Subject has a need-to-know about all compartments for which the information is classified

12 Commercial Security Policies
Worried about espionage Degrees of sensitivity: Public Proprietary Internal No dominance function for most commercial policies since no formal clearance is needed Integrity and availability are just, not if more, important than confidentiality

13 Clark-Wilson Commercial Security Policy
This is based on Integrity Policy on well-formed transactions Sequence of activities Performing steps in order, performing exactly the steps listed, and authentication of individuals in the steps (well-formed transactions) Goal: maintain consistency between internal data and external (users’) expectation of data Constrained data items which are processed by transformation procedures

14 Separation of Duty The required division of responsibilities is called separation of duty Accomplished manually by means of dual signatures

15 Chinese Wall Security Policy
Used in legal, medical, investment and accounting firms Addresses the conflict of interest Security Policy Builds on: Objects – low level Company Groups – mid level Conflict Classes – high level, groups of objects of competing companies are clusterd

16

17 Models of Security Security Models are used to:
Test a particular policy for completeness and consistency Document policy Help conceptualize and design an implementation Check whether an implementation meets its requirements Policy is established outside any model Model is only a mechanism that enforces the policy

18 Multilevel Security Build a model to represent a range of sensitivities and to reflect the need to separate subjects rigorously from objects to which they should not have access The generalized model is called the Lattice Model of Security

19 Bell-La Padula Confidentiality Model
Formal description of allowable paths of flow in a secure system Formalization of the military security policy Two properties: Simple Security Property – A subject s may have read access to object o only if C(o) ≤ C(s) *-Property – A subject s who has read access to an object o may have write access to an object p only if C(o) ≤ C(p) C(s) – clearance; c(0) classification Write-down – high level subjects transfers high level data to a low level object (prevented by star property)

20 Figure 5-7  Secure Flow of Information.

21 Biba Integrity Model Bell-La Padula model applies only to secrecy
Biba is about Integrity and defines integrity levels Properties: Simple Integrity Property – Subject s can modify (have write access to) object o only if I(s) ≥ I(o) *-Property – if subject s has read access to object o with integrity level I(0), s can have write access to object p only if I(o) ≥ I(p) [write-down] Totally ignores secrecy

22 Graham-Denning Model Formal System of Protection Rules
Access Control Mechanism (matrix) of a protection system Eight Privative Protection Rights Create object, Create subject, Delete object and Delete subject Read Access Grant Access Delete Access Right Transfer Access Right Matrix: A[s,o]

23 Take-Grant Systems Four primitives: create, revoke, take and grant

Download ppt "Chapter 5 Network Security"

Similar presentations

Trusted System Elements and Examples CS461/ECE422 Fall 2011.

Trusted System Elements and Examples CS461/ECE422 Fall 2011.
Information Flow and Covert Channels November, 2006.

Information Flow and Covert Channels November, 2006.
Lecture 8 Access Control (cont)

Lecture 8 Access Control (cont)
Computer Security: Principles and Practice Chapter 10 – Trusted Computing and Multilevel Security.

Computer Security: Principles and Practice Chapter 10 – Trusted Computing and Multilevel Security.
Access Control Methodologies

Access Control Methodologies
Trusted vs. secure software

Trusted vs. secure software
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
Information Systems Security Security Architecture Domain #5.

Information Systems Security Security Architecture Domain #5.
CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.

CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.
User Domain Policies.

User Domain Policies.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.
Policy, Models, and Trust 1. Security Policy A security policy is a well-defined set of rules that include the following: Subjects: the agents who interact.

Policy, Models, and Trust 1. Security Policy A security policy is a well-defined set of rules that include the following: Subjects: the agents who interact.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
Trusted System? What are the characteristics of a trusted system?

Trusted System? What are the characteristics of a trusted system?

Similar presentations

Ads by Google