Access Control Policies Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) 11 Coming up:

Slides:



Advertisements
Similar presentations
OM-AM and RBAC Ravi Sandhu * Laboratory for Information Security Technology (LIST) George Mason University.
Advertisements

Information Flow and Covert Channels November, 2006.
OS Security Part III.
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
JENNIS SHRESTHA CSC 345 April 22, Contents Introduction History Flux Advanced Security Kernel Mandatory Access Control Policies MAC Vs DAC Features.
Vinay Kumar Madhadi 10/28/2009 CSC Outline  Part 1 : Mandatory Flow Control Models? MAC vs. DAC Information Flow Control  Part 2 : Different Models-Lattice.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
Digital Signatures Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Digital.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Access Control Intro, DAC and MAC System Security.
Secure Operating Systems Lesson 0x11h: Systems Assurance.
User Domain Policies.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Distributed Computer Security 8.2 Discretionary Access Control Models - Liang Zhao.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
Cryptography Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Cryptography 11.
Computer Security & OS Lab. DKU May 26 Younsik Jeong Ph.D. Student.
CS426Fall 2010/Lecture 191 Computer Security CS 426 Lecture 19 Discretionary Access Control.
LO2 Understand the key components used in networking
© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.
3/16/2004Biba Model1 Biba Integrity Model Presented by: Nathan Balon Ishraq Thabet.
Chapter 5 – Designing Trusted Operating Systems  What makes an operating system “secure”? Or “trustworthy?  How are trusted systems designed, and which.
MLS Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Multi-Level Security 11.
Session 2 - Security Models and Architecture. 2 Overview Basic concepts The Models –Bell-LaPadula (BLP) –Biba –Clark-Wilson –Chinese Wall Systems Evaluation.
Security+ All-In-One Edition Chapter 19 – Privilege Management Brian E. Brzezicki.
Dan Fleck CS 469: Security Engineering
Next-generation databases Active databases: when a particular event occurs and given conditions are satisfied then some actions are executed. An active.
Lattice-Based Access Control Models Ravi S. Sandhu Colorado State University CS 681 Spring 2005 John Tesch.
G53SEC 1 Access Control principals, objects and their operations.
Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.
CS426Fall 2010/Lecture 251 Computer Security CS 426 Lecture 25 Integrity Protection: Biba, Clark Wilson, and Chinese Wall.
Access Control MAC. CSCE Farkas 2 Lecture 17 Reading assignments Required for access control classes:  Ravi Sandhu and P. Samarati, Access Control:
COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:
CSCE 201 Introduction to Information Security Fall 2010 Access Control Models.
Trusted Operating Systems
Access Control: Policies and Mechanisms Vinod Ganapathy.
Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University
CS426Fall 2010/Lecture 211 Computer Security CS 426 Lecture 21 The Bell LaPadula Model.
Policies & MetaPolicies Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: How.
Security Models Xinming Ou. Security Policy vs. Security Goals In a mandatory access control system, the system defines security policy to achieve security.
Chapter 8: Principles of Security Models, Design, and Capabilities
Design and Implementation MAC in Security Operating System CAI Yi, ZHENG Zhi-rong, SHEN Chang-xiang Presented By, Venkateshwarlu Jangili. 1.
Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK
Access Controls Mandatory Access Control by Sean Dalton December 5 th 2008.
PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.
22 feb What is Access Control? Access control is the heart of security Definitions: * The ability to allow only authorized users, programs or.
Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.
9- 1 Last time ● User Authentication ● Beyond passwords ● Biometrics ● Security Policies and Models ● Trusted Operating Systems and Software ● Military.
SELinux Overview Dan Walsh SELinux for Dummies Dan Walsh
Secure Operating System
CS580 Internet Security Protocols
Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
Verifiable Security Goals
Protection and Security
Security Models and Designing a Trusted Operating System
Secure Operating System Example: SELinux
Advanced System Security
Information Security CS 526 Topic 16
OM-AM and RBAC Ravi Sandhu*
OS Access Control Mauricio Sifontes.
Guest Lecture in Acc 661 (Spring 2007) Instructor: Christopher Brown)
Information Security CS 526 Topic 16
Lecture 17: Mandatory Access Control
Computer Security Access Control
Chapter 4: Security Policies
Chapter 5: Confidentiality Policies
Presentation transcript:

Access Control Policies Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) 11 Coming up: Access Control Policies 11

Access Control Policies The Bell and LaPadula Model is an example of an Access Control Policy. This is a popular way of conceptualizing and implementing security. The basic idea is to introduce rules that control what accesses (i.e., actions) subjects may take with respect to objects. 22 Coming up: Aside: MAC vs. DAC 22

Aside: MAC vs. DAC Specifically, BLP is a mandatory access control system, as distinguished from a discretionary system. Mandatory Access Controls (MAC): rules are enforced on every attempted access, not at the discretion of any system user; Discretionary Access Controls (DAC): rule enforcement may be waived or modified by some users. What that means for BLP is that no access is ever allowed unless it satisfies the Simple Security Property and *-Property. Contrast that with Unix file protection system; Unix implements DAC since file protections can be modified by a file’s owner. 33 Coming up: Access Control Matrix 33

Access Control Matrix In general, any access control policy can be represented by an access control matrix (ACM). Given all subjects and objects in the system, the matrix shows explicitly what accesses are allowed for each subject/object pair. 44 Coming up: BLP Access Control Matrix 44

BLP Access Control Matrix Suppose we had a BLP system with exactly three subjects and objects with the given labels. Suppose also that H > L. The following is the associated access control matrix. SubjectsLevelObjectsLevel Subj1(H,{A,B,C})Obj1(L,{A,B,C}) Subj2(L,{})Obj2(L,{}) Subj3(L,{A,B})Obj3(L,{B,C}) Obj1Obj2Obj3 Subj1RRR Subj2WR,WW Subj3WR- 55 Coming up: Access Control Matrix Using the dominates relationship, which are R, W, both, neither? 55

Access Control Matrix As with any access control policy, you could define an ACM for a large Bell and LaPadula system. However, the matrix would be huge for most realistic systems. The matrix is implicit in the rules (Simple Security and the *- Property), so access permissions can be computed on the fly. 66 Coming up: Real MAC Implementations 66

Real MAC Implementations SELinux has MAC options built into the kernel. These are used by default on Red Had (in a limited way) SUSE and Ubuntu apply MAC using AppArmor which focuses on programs (not users) Windows from Vista forward implements Mandatory Integrity Control (MIC) and Integrity Levels which a user/process acts: Low, medium, high, system, trusted installer Apple’s OS X implements MAC using a TrustedBSD implementation Versions of MAC are quite common, although none are used exclusively! Source: Coming up: Lessons 77

Lessons BLP is an example of a class of policies called “access control policies.” BLP is also an example of a mandatory policy in that the rules are enforced on every attempted access. Any access control policy can be modeled as an explicit matrix. Most current operating systems use MAC in some limited way. 77 End of presentation 88

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.