Lecture 2: Security Policy Models Fred Chong CS290N Architectural Support for Secure and Reliable Computing.

Slides:

Advertisements

Similar presentations

Information Flow and Covert Channels November, 2006.

Advertisements

CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.

Access Control Intro, DAC and MAC System Security.

SECURITY What does this word mean to you? The sum of all measures taken to prevent loss of any kind.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

Open-MS (Open-Management System) Ethan Hann

MITP 458 Application Layer Security By Techjocks.

Verifiable Security Goals

Chapter 8 Multilateral Security Information flowing across boundaries.

1 Clark Wilson Implementation Shilpa Venkataramana.

CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.

1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

Policy, Models, and Trust 1. Security Policy A security policy is a well-defined set of rules that include the following: Subjects: the agents who interact.

Network Security and Personally Managed Computers Jordan K. Wiens Copyright Jordan K. Wiens 2004.

Lecture 3: Access Control Fred Chong CS290N Architectural Support for Secure and Reliable Computing.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.

FORESEC Academy FORESEC Academy Security Essentials (II)

J Carpenter & lecture & Information Security 2008 Lecture 5 Access Control, Security Models.

1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.

Chapter 5 – Designing Trusted Operating Systems  What makes an operating system “secure”? Or “trustworthy?  How are trusted systems designed, and which.

Session 2 - Security Models and Architecture. 2 Overview Basic concepts The Models –Bell-LaPadula (BLP) –Biba –Clark-Wilson –Chinese Wall Systems Evaluation.

Security Architecture and Design Chapter 4 Part 3 Pages 357 to 377.

Blueberry Software IT Security Audit Results. Results: Good.

Lattice-Based Access Control Models Ravi S. Sandhu Colorado State University CS 681 Spring 2005 John Tesch.

Chapter 5 Network Security

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester

CS426Fall 2010/Lecture 251 Computer Security CS 426 Lecture 25 Integrity Protection: Biba, Clark Wilson, and Chinese Wall.

Secui.com Goh, Kyeongwon Secui.com Goh, Kyeongwon GRID Security Infrastructure

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

Why is it important to back up your work/information? If you do not back up your work or information then your data might be lost when your computer clashes.

Desktop Security: Making Sure Your Office Environment is Secure.

Trusted OS Design and Evaluation CS432 - Security in Computing Copyright © 2005, 2010 by Scott Orr and the Trustees of Indiana University.

Quality of Information System (IS) reflecting local correctness and reliability of the operating system; the logical completeness of the hardware and software.

Policy, Models, and Trust

Mandatory Access Control

Exam 2 Review CS461/ECE422 Fall Exam guidelines Same as for first exam A single page of supplementary notes is allowed  8.5x11. Both sides. Write.

Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.

CS426Fall 2010/Lecture 211 Computer Security CS 426 Lecture 21 The Bell LaPadula Model.

Janis Buikauskis Joe Kubena Kyle Nelson Chris Schrader.

Lecture 3 Page 1 CS 236 Online Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.

April 2002Information Systems Design John Ogden & John Wordsworth FOI: 1 Database Design File organisations and indexes John Wordsworth Department of Computer.

Exam 2 Review CS461/ECE422 Fall Exam guidelines Same as for first exam A single page of supplementary notes is allowed  8.5x11. Both sides. Write.

Cloud Computing By Reedy McGeady. What is Cloud Computing? Cloud Computing is using another organisations computer, which are known as hosts.

Chapter 8: Principles of Security Models, Design, and Capabilities

Chap5: Designing Trusted Operating Systems.  What makes an operating system “secure”? Or “trustworthy”?  How are trusted systems designed, and which.

EN Lecture Notes Spring 2016 ACCESS CONTROL MODELS.

CS526Topic 19: Integrity Models1 Information Security CS 526 Topic 19: Integrity Protection Models.

Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.

Security Architecture and Design Chapter 4 Part 4 Pages 377 to 416.

CS580 Internet Security Protocols

This presentation has been IRM protected by policy.

Hotspot Shield Protect Your Online Identity

TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime Sadiq Basha.

Cyber Security Awareness Workshop

Information Flow Control

CS580 Internet Security Protocols

Security Issues.

Operating Systems Security

Unit 1: Introduction to Operating System

Functions of an operating system

DATA COMMUNICATION Lecture-3.

Computer Security.

DATABASE SECURITY For CSCL (BIM).

Week1 software - Lecture outline & Assignments

USN Introduction Computer Engineering Sejin Oh.

Computer Security Damian Gordon.

Presentation transcript:

Lecture 2: Security Policy Models Fred Chong CS290N Architectural Support for Secure and Reliable Computing

Multi-Level vs Multi-Lateral Policies

Bell-La Padua Policy

BLP vs BIBA

Biba

Example: BLP password file protection Password file is “high” Network reads and writes are “low” Malware from the network is “low,” can’t read password file (read of “high” from “low”) Even if Malware becomes “high” somehow, can’t write password data to the network (write of “high” to “low”)

Example: Biba protects system files System files are “high” Malware from the network is “low” Malware can’t write to system files (“low” writes to “high”) Hardware dynamic information flow tracking techniques (taint tracking) implement Biba

Chinese Wall

BLP vs Chinese Wall

Clark-Wilson

BLP vs Clark-Wilson

BLP with Codewords “Need to know” A Lattice Model

BMA medical record policy