Chapter 4: Security Policies

Slides:



Advertisements
Similar presentations
Operating System Security
Advertisements

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Access Control Methodologies
Access Control Intro, DAC and MAC System Security.
1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
April 13, 2004ECS 235Slide #1 Expressive Power How do the sets of systems that models can describe compare? –If HRU equivalent to SPM, SPM provides more.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
1 Security Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 15, 2004.
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.
7/15/2015 7:56 AM Lecture 3: Policy James Hook CS 591: Introduction to Computer Security.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
C OMPUTER S ECURITY C ONCEPTS By: Qubilah D’souza TE computer.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.
Security Policy What is a security policy? –Defines what it means for a system to be secure Formally: Partition system into –Secure (authorized) states.
1 IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Lecture 6 Oct 2-9, 2013 Security Policies Confidentiality Policies.
© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.
Cryptography, Authentication and Digital Signatures
CSCE 201 Introduction to Information Security Fall 2010 Access Control.
1 Grand Challenges in Authorization Systems Prof. Ravi Sandhu Executive Director and Endowed Chair November 14, 2011
Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they cover –Policy languages The nature of mechanisms –Types Underlying both.
SECURITY Professor Mona Mursi. ENVIRONMENT IT infrastructures are made up of many components, abstractly: IT infrastructures are made up of many components,
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #4-1 Chapter 1: Introduction Components of computer security Threats Policies.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Access Controls Henry Parks SSAC 2012 Presentation Outline Purpose of Access Controls Access Control Models –Mandatory –Nondiscretionary/Discretionary.
12/13/20151 Computer Security Security Policies...
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Lecture 5 September 29, 2009 Security Policies Confidentiality Policies.
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
Access Control: Policies and Mechanisms Vinod Ganapathy.
Privilege Management Chapter 22.
Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University
INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.
A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang1 A Comparison of Commercial and Military Computer Security Policies Authors:
IS 2150/TEL 2810: Introduction of Computer Security1 September 27, 2003 Introduction to Computer Security Lecture 4 Security Policies, Confidentiality.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.
22 feb What is Access Control? Access control is the heart of security Definitions: * The ability to allow only authorized users, programs or.
INTRO TO COMPUTER SECURITY LECTURE 2 Security Policies M M Waseem Iqbal
Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University
Information Security and Privacy By: Joshua Waibel.
Chap 4. Security Policies
CS 395: Topics in Computer Security
Access Control Model SAM-5.
Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
Protection and Security
Chapter 1: Introduction
COMPUTER SECURITY CONCEPTS
2. Access Control Matrix Introduction to Computer Security © 2004 Matt Bishop 9/21/2018.
NET 311 Information Security
Computer and Network Security
Advanced System Security
Chapter 1: Introduction
Chapter 1: Introduction
Chapter 4: Security Policies
Chapter 4: Security Policies
Security.
Chapter 6: Integrity Policies
Introduction to Cryptography
Access Control What’s New?
IS 2150 / TEL 2810 Information Security & Privacy
Computer Security Security Policies
Definition Of Computer Security
Chapter 5 Computer Security
Presentation transcript:

Chapter 4: Security Policies 4.2 Types of Security Policies 4.3 The Role of Trust 4.4 Types of Access Control Introduction to Computer Security ©2004 Matt Bishop

Security Policy Definition: a security policy is a statement that partitions system states into: Authorized (secure) These are states the system can enter Unauthorized (nonsecure) If the system enters any of these states, it’s a security violation

Secure System Definition: a secure system is a system Starts in authorized state Never enters unauthorized state http://www.blog.transmac.eu/wp-content/uploads/2015/06/secure-system-3-big.jpg

Breach of Security t1 s1 s2 t4 s3 t5 s4 t2 t3 Definition: when a system enters an unauthorized state.

Definition 4-4: Confidentiality X set of entities, I information I has confidentiality property with respect to X if no x  X can obtain information from I I can be disclosed to others Example: X set of students I final exam answer key I is confidential with respect to X if students cannot obtain final exam answer key

Definition 4-5: Integrity X set of entities, I information I has integrity property with respect to X if all x  X trust information in I Types of integrity: trust I, its conveyance and protection (data integrity) I information about origin of something or an identity (origin integrity, authentication) I resource: means resource functions as it should (assurance)

Definition 4-6: Availability X set of entities, I resource I has availability property with respect to X if all x  X can access I Types of availability: traditional: x gets access or not quality of service: promised a level of access (for example, a specific level of bandwidth) and not meet it, even though some access is achieved, e.g. service is not provided in a timely manner;

Definition 4-7: Mechanism A security mechanism is an entity or procedure that enforces some part of the security policy; Example: Policy: the statement that no student may copy another student’s homework; Mechanism: file access control; set permission to prevent access to a particular file;

Types of Security Policies Definition 4-9: Military (governmental) security policy Policy primarily protecting confidentiality; Example: information about a military mission; Definition 4-10: Commercial security policy Policy primarily protecting integrity Confidentiality: leak of customer account information; Integrity: modification of customer account balance;

Types of Security Policies Definition 4-11: Confidentiality policy Policy protecting only confidentiality Definition 4-12: Integrity policy Policy protecting only integrity

Types of Access Control Discretionary Access Control (DAC, IBAC) individual user sets access control mechanism to allow or deny access to an object Mandatory Access Control (MAC) system mechanism controls access to object, and individual cannot alter that access Originator Controlled Access Control (ORCON) originator (creator) of information controls who can access information Introduction to Computer Security ©2004 Matt Bishop

Types of Access Control Discretionary Access Control (DAC, IBAC)

Types of Access Control Mandatory Access Control (MAC) system mechanism controls access to object, and individual cannot alter that access

Types of Access Control Originator Controlled Access Control (ORCON) originator (creator) of information controls who can access information; MicroSoft sold you a software: now you are the owner and MicroSoft is the Originator; You, as the owner, can not distribute the software to others; MicroSoft, the originator, decides who can access the software;

DAC vs ORCON Is the Owner the same as the Originator? If yes, then it is DAC; If no, then it is ORCON; In other words, has the originator passed the data to another person? If the originator still owns the data, then it is DAC; otherwise, it is ORCON;

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.