Lecture 2: Security Policy Models Fred Chong CS290N Architectural Support for Secure and Reliable Computing
Multi-Level vs Multi-Lateral Policies
Bell-La Padua Policy
BLP vs BIBA
Biba
Example: BLP password file protection Password file is “high” Network reads and writes are “low” Malware from the network is “low,” can’t read password file (read of “high” from “low”) Even if Malware becomes “high” somehow, can’t write password data to the network (write of “high” to “low”)
Example: Biba protects system files System files are “high” Malware from the network is “low” Malware can’t write to system files (“low” writes to “high”) Hardware dynamic information flow tracking techniques (taint tracking) implement Biba
Chinese Wall
BLP vs Chinese Wall
Clark-Wilson
BLP vs Clark-Wilson
BLP with Codewords “Need to know” A Lattice Model
BMA medical record policy