Security Policy What is a security policy? –Defines what it means for a system to be secure Formally: Partition system into –Secure (authorized) states.

Slides:



Advertisements
Similar presentations
Information Flow and Covert Channels November, 2006.
Advertisements

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
Access Control Methodologies
Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula Model –General idea –Informal description of rules.
Access Control Intro, DAC and MAC System Security.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
April 13, 2004ECS 235Slide #1 Expressive Power How do the sets of systems that models can describe compare? –If HRU equivalent to SPM, SPM provides more.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they.
Robust Declassification Steve Zdancewic Andrew Myers Cornell University.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality.
1 Clark Wilson Implementation Shilpa Venkataramana.
CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.
User Domain Policies.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
2  A system can protect itself in two ways: It can limit who can access the system. This requires the system to implement a two-step process of identification.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Lecture 5 September 27, 2007 Security Policies Confidentiality Policies.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
1 IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Lecture 6 Oct 2-9, 2013 Security Policies Confidentiality Policies.
© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.
1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.
1 Announcement: End of Campaign Celebration When: Wednesday, October 1, 15:30 Where: New building site (NW corner 3 rd & University) Please attend and.
Switch off your Mobiles Phones or Change Profile to Silent Mode.
1 Precise Enforcement of Policies After we have a policy, is there always a mechanism to enforce it? If so, can we devise a generic procedure for developing.
Session 2 - Security Models and Architecture. 2 Overview Basic concepts The Models –Bell-LaPadula (BLP) –Biba –Clark-Wilson –Chinese Wall Systems Evaluation.
Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they cover –Policy languages The nature of mechanisms –Types Underlying both.
CMSC 414 Computer (and Network) Security Lecture 11 Jonathan Katz.
12/4/20151 Computer Security Security models – an overview.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
12/13/20151 Computer Security Security Policies...
Academic Year 2014 Spring Academic Year 2014 Spring.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Lecture 5 September 29, 2009 Security Policies Confidentiality Policies.
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
Access Control: Policies and Mechanisms Vinod Ganapathy.
Privilege Management Chapter 22.
Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University
Computer Security: Principles and Practice
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #5-1 Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula.
2/1/20161 Computer Security Foundational Results.
CS426Fall 2010/Lecture 211 Computer Security CS 426 Lecture 21 The Bell LaPadula Model.
A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang1 A Comparison of Commercial and Military Computer Security Policies Authors:
IS 2150/TEL 2810: Introduction of Computer Security1 September 27, 2003 Introduction to Computer Security Lecture 4 Security Policies, Confidentiality.
Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 September 23, 2004 Introduction to Computer Security.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Lecture 3 September 13, 2007 Mathematical Review Security Policies.
Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model.
Database Security. Introduction to Database Security Issues (1) Threats to databases Loss of integrity Loss of availability Loss of confidentiality To.
22 feb What is Access Control? Access control is the heart of security Definitions: * The ability to allow only authorized users, programs or.
INTRO TO COMPUTER SECURITY LECTURE 2 Security Policies M M Waseem Iqbal
Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.
Chap 4. Security Policies
Access Control Model SAM-5.
Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
Advanced System Security
Basic Security Theorem
IS 2150 / TEL 2810 Introduction to Security
Information Security CS 526
Chapter 4: Security Policies
Chapter 4: Security Policies
Chapter 5: Confidentiality Policies
Chapter 6: Integrity Policies
Access Control What’s New?
IS 2150 / TEL 2810 Information Security & Privacy
Computer Security Security Policies
Chapter 4: Security Policies
Presentation transcript:

Security Policy What is a security policy? –Defines what it means for a system to be secure Formally: Partition system into –Secure (authorized) states –Non-secure (unauthorized) states Secure system: –Starts in authorized state –Can’t enter unauthorized state

Additional Definitions: Breach of security –Transition causing system to enter unauthorized state Let X be a set of entities, I be information. –I has confidentiality with respect to X if no member of X can obtain information on I –I has integrity with respect to X if all members of X trust I –I has availability with respect to X if all members of X can access I Security Policy defines all of the above –Now just need to define obtain, trust, access

Confidentiality Policy What does “obtain” information mean? Formally: information flow –Transfer of rights –Transfer of information without transfer of rights Model often depends on trust –Parts of system where information could flow –Trusted entity must participate to enable flow Highly developed in Military/Government

Integrity Policy Defines how information can be altered –Entities allowed to alter data –Conditions under which data can be altered –Limits to change of data Examples: –Purchase over $1000 requires signature –Check over $10,000 must be signed by two officers Separation of duties Highly developed in commercial world

Availability Policy Defines what it means for information to be accessible –Time limits (quality of service) –Access methods On-line access vs. telephone vs. mail Integrity and availability may interrelate –Fast old copy vs. slow current version

Security Mechanism Policy describes what is allowed Mechanism enforces (part of) policy The two need not be the same! Example Policy: Students should not copy homework –Mechanism: Disallow access to files owned by other users Does mechanism enforce policy? –Is mechanism too strict?

Security Model Security Policy: What is/isn’t authorized Problem: Policy specification often informal –Implicit vs. Explicit –Ambiguity Security Model: Model that represents a particular policy (policies) –Model must be explicit, unambiguous

Trust Trusted Entity –Entity that can violate security What are typical Trusted Entities? –People with access to information –System developers –Hardware –?–? Where does it end?

Common Mechanisms: Access Control Discretionary Access Control (DAC) –Owner determines access rights –Typically identity-based access control: Owner specifies other users who have access Mandatory Access Control (MAC) –Rules specify granting of access –Also called rule-based access control Originator Controlled Access Control (ORCON) –Originator controls access –Originator need not be owner! Role Based Access Control (RBAC) –Identity governed by role user assumes

Policy Languages Security Policy isn’t enough –Need to express it to get Policy Model Policy Language: Means of expression High-level: Independent of mechanisms –Example: Domain-Type Enforcement Language Subjects partitioned into domains Objects partitioned into types Each domain has set of rights over each type Low-level: Acts on mechanisms –Example: Tripwire: Flags what has changed Configuration file specifies settings to be checked History file keeps old (good) example

Creating a Secure System Can we make it secure? –E–Easy! But can we make it precise? Next Time: Model allowing us to capture this secureprecise set of reachable states set of secure states

Modeling Secure/Precise: Confidentiality (Jones and Lipton) What are we modeling? A program –p: I 1  …  I n  R is a program Defined in terms of inputs and outputs –Goal: Determine if p can violate confidentiality Observability –Output of function p(i 1,…,i n ) encodes all available information on inputs i 1,…,i n –Output may include things not normally thought of as part of function result Data accessed Timing Anything that can be observed

Modeling Secure/Precise: Confidentiality Protection Mechanism m: I 1  …  I n  R  E such that: –m(i 1,…,i n ) = p(i 1,…,i n ), or Acceptable result –m(i 1,…,i n )  E Protection violation (result of p would disclose confidential information) Confidentiality Policy for program p: c: I 1  …  I n  A –A  I 1  …  I n is inputs that can be revealed

Modeling Secure/Precise: Confidentiality Secure Program: Given confidentiality policy c for program p, and mechanism m for p –m is secure iff  m’:A  R  E such that  i k  I k, m(i 1, …, i n ) = m’(c(i 1, …, i n )) What does this mean? –Must be able to generate results from non- confidential inputs

Modeling Secure/Precise: Confidentiality m 1 as precise as m 2 if  i k  I k –m 2 (i 1, …, i n ) = p(i 1, …, i n )  m 1 (i 1, …, i n ) = p(i 1, …, i n ) –Write m 1 ≈ m 2 m 1 more precise than m 2 if  i k  I k s.t. –m 1 (i 1, …, i n ) = p(i 1, …, i n ) –m 2 (i 1, …, i n )  p(i 1, …, i n ) –Write m 1 ~ m 2

Modeling Secure/Precise: Confidentiality m 3 = m 1  m 2 defined as –p(i 1, …, i n ) when m 1 (i 1, …, i n ) = p(i 1, …, i n ) or m 2 (i 1, …, i n ) = p(i 1, …, i n ) –else m 1 (i 1, …, i n ) –Less restrictive than either Theorem: if m 1 and m 2 secure, –m 1  m 2 secure –m 1  m 2 ≈ m 1 and m 1  m 2 ≈ m 2

Modeling Secure/Precise: Confidentiality Theorem: if m 1 and m 2 secure, –m 1  m 2 secure –m 1  m 2 ≈ m 1 and m 1  m 2 ≈ m 2 Proof Sketch –Result = result of p Only if same as m 1 or m 2 m 1 and m 2 secure –Result = result of m 1 m 1 secure

Modeling Secure/Precise: Confidentiality Theorem: Given p and c,  a precise, secure mechanism m* such that  secure m for p and c, m* ≈ m –Proof: Induction from previous theorem Theorem: Impossible to construct m* –Proof: Reduction from Halting Problem –c = constant function (reveal no information) –p such that m either non-constant or undefined Non-constant not allowed Undefined corresponds to p halts –Contradiction: Either m non-constant, or we know p halts p defined as in halting problem

Modeling Secure/Precise: Integrity Integrity Policy: Set of valid outputs for given input Mechanism: Given program, policy, produce output allowed by policy –Program output if allowed –Valid output otherwise probably includes error Precision: Does mechanism produce program result whenever allowed?

Next – Confidentiality Policy: Bell-LaPadula Model Formally models military-style classification –Multi-level access control Mandatory Access Control –Clearance Discretionary Access Control –Need to Know First real attempt to model and prove security of real systems

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.