Lattice-Based Access Control Models Ravi S. Sandhu Colorado State University CS 681 Spring 2005 John Tesch.


Motivation
- Examine the theoretical foundations of lattice-based access control
- Show how the basic security objectives of confidentiality, integrity and availability are related to information flow policy
- Relevancy of models to commercial applications
- Support for the Chinese Wall argument

Background
- 1975 Bell-LaPadula – “Secure Computer Systems: Mathematical Foundations and Model”
- 1976 Denning – “A Lattice Model of Secure Information Flow”
- 1977 Biba – “Integrity Considerations for Secure Computer Systems”
- 1989 Chinese Wall – “The Chinese Wall Security Policy”
- 1992 Sandhu – “Lattice-Based Enforcement of Chinese Walls”
- 1993 Sandhu – “Lattice-Based Access Control Models”

Security Models
- Bell-LaPadula – Confidentiality
- Biba – Integrity
- Chinese Wall (Brewer-Nash) – Conflict of Interest

Lattice Model
- Denning – 1976
- Purpose – Guarantee Secure Information Flow
- Use mathematical framework to formulate requirements
- Unify all systems that restrict information flow
- Lead to automatic certification programs
- Denning uses a set of axioms to limit program code that will violate security classes
- Sandhu uses the axioms to control information flow at the model level

Denning Lattice Model
Denning’s Flow Model – FM = where:
- N = Objects
- P = Processes
- SC = Security Classes
- ⊕ = Join operation on SC
- → = Can-flow relation on SC
Assumption is static security classes (not objects)

Denning Lattice
Example: High-Low policy
- (H → H) H ⊕ H = H
- (L → L) L ⊕ L = L
- (L → H) L ⊕ H = H
- (H not → L) H ⊕ L = H

Denning's Axioms
1. The set of security classes is finite
2. The can-flow relation, →, is a partial order on SC
3. SC has a lower bound with respect to →
4. The join operator, ⊕, is a totally defined least upper bound operator

Information Flow Definitions
1. Information Flow Policy -
2. Denning’s axioms
3. Dominance – A ≥ B if and only if B → A.

Sandhu Definitions
- Users – Humans
- Subjects – Processes
- Objects – files
- Access matrix – subject X objects
- Cell [s,o] = access rights
- Owner can modify cell – discretionary

Bell-LaPadula Model
- Begin with discretionary control
- Add authorization policy without user control (security labels)
- Object – security classification
- User – security clearance
- Tranquility – User cannot change labels

Bell-LaPadula Model
- Simple security property – (human or process) s reads o only if (s) ≥ (o) or (o) ≤ (s)
- *-security property – (process) s reads o only if (s) ≤ (o) or (s) ≥ (o)
- Covert channels out of scope

Biba Model
- Flow from top to bottom
- Simple integrity property – s reads o only if ω(s) ≤ ω(o)
- Integrity * property – (process) s reads o only if ω(s) ≥ ω(o)

Combining BLP and Biba
- Subject s can read object o only if (s) ≥ (o) and ω(s) ≤ ω(o)
- Subject s can write object o only if (s) ≤ (o) and ω(s) ≥ ω(o)
- Can make a single lattice but you would have to reverse the hierarchy and rules of either BLP or Biba
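Added example, not part of the original slides: a brute-force check of Denning's axioms 2-4 over a finite set of security classes, followed by the combined BLP and Biba read/write rules stated above. It goes beyond the High-Low case by giving each class a category set; the class layout and all function names (can_flow, dominates, join, check_axioms, can_read, can_write) are assumptions made for illustration.

```python
from itertools import product

# Constructed security classes: (level, category set). The slides only show the
# two-point High-Low lattice; the categories "a" and "b" are an added assumption.
LEVELS = {"L": 0, "H": 1}
CATS = [frozenset(), frozenset({"a"}), frozenset({"b"}), frozenset({"a", "b"})]
SC = [(lvl, c) for lvl in LEVELS for c in CATS]

def can_flow(a, b):
    """Can-flow relation a -> b: level may not drop, categories may not be lost."""
    return LEVELS[a[0]] <= LEVELS[b[0]] and a[1] <= b[1]

def dominates(a, b):
    """Dominance: a >= b if and only if b -> a."""
    return can_flow(b, a)

def join(a, b):
    """Join of two classes: higher level, union of categories."""
    return (max(a[0], b[0], key=LEVELS.get), a[1] | b[1])

def check_axioms(sc):
    """Check axioms 2-4 exhaustively; sc being a finite list is axiom 1."""
    refl = all(can_flow(a, a) for a in sc)
    antisym = all(a == b or not (can_flow(a, b) and can_flow(b, a))
                  for a, b in product(sc, repeat=2))
    trans = all(can_flow(a, c) or not (can_flow(a, b) and can_flow(b, c))
                for a, b, c in product(sc, repeat=3))
    lower = any(all(can_flow(lo, x) for x in sc) for lo in sc)

    def is_lub(a, b):
        j = join(a, b)
        uppers = [u for u in sc if can_flow(a, u) and can_flow(b, u)]
        return j in sc and j in uppers and all(can_flow(j, u) for u in uppers)

    lub = all(is_lub(a, b) for a, b in product(sc, repeat=2))
    return {"partial_order": refl and antisym and trans,
            "lower_bound": lower, "join_is_lub": lub}

def can_read(s_conf, s_int, o_conf, o_int):
    """Read: subject confidentiality >= object's, subject integrity <= object's."""
    return dominates(s_conf, o_conf) and dominates(o_int, s_int)

def can_write(s_conf, s_int, o_conf, o_int):
    """Write: subject confidentiality <= object's, subject integrity >= object's."""
    return dominates(o_conf, s_conf) and dominates(s_int, o_int)
```

Removing a class from SC (for example the top class) makes the join undefined for some pairs, and check_axioms reports join_is_lub as False while the remaining classes still form a partial order.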

Conclusions
- By applying Denning's lattice model axioms to BLP and Biba, information flow can be clearly defined.
- The axioms cannot take into account the problem with covert channels
- The lattice is considered to be static
- The paper's focus is on the correctness of the lattice, not so much on the application to BLP and Biba

Discussion
- Does Sandhu adequately describe the lattice-based control using the semantics from Denning?
- Are there systems that use a single lattice with both BLP and Biba?
- How much of a performance hit is caused by covert channels?
- Can the lattice handle the management of the access control in BLP?