Chapter 5 – Designing Trusted Operating Systems

Presentation transcript:

Chapter 5 – Designing Trusted Operating Systems
What makes an operating system “secure”? Or “trustworthy”?
How are trusted systems designed, and which of those design principles carry over naturally to other program development tasks?
How do we develop “assurance” of the correctness of a trusted operating system?

Designing Trusted Operating Systems
Primitive security services:
Memory protection
File protection
General object access control
User authentication
An OS is trusted if we have confidence that it provides these four services in a consistent and effective way.

What is a trusted system? Secure vs. trusted
Secure: either-or, something either is or is not secure. Trusted: graded, there are degrees of “trustworthiness”.
Secure: a property of the presenter. Trusted: a property of the receiver.
Secure: asserted based on product characteristics. Trusted: judged based on evidence and analysis.
Secure: absolute, not qualified as to how, where, when, or by whom used. Trusted: relative, viewed in the context of use.
Secure: a goal. Trusted: a characteristic.

What is a trusted system?
Trusted process – a process that can affect system security
Trusted product – an evaluated and approved product
Trusted software – the software portion of a system that can be relied upon to enforce the security policy
Trusted computing base – the set of all protection mechanisms within a computing system that enforce a unified security policy
Trusted system – a system that employs sufficient hardware and software integrity measures to allow its use for processing sensitive information

Security Policies
Security policy – a statement of the security we expect the system to enforce
Military security policy – based on protecting classified information
Information access is limited by the need-to-know rule
Each piece of classified information is associated with a compartment

Military Security Policy
Class (classification) – <rank; compartment>
Clearance – an indication that a person is trusted to access information up to a certain level of sensitivity
Dominance – s <= O iff rank_s <= rank_O and compartments_s ⊆ compartments_O
The clearance level of the subject is at least as high as that of the information
The subject has a need to know about all compartments for which the information is classified
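The dominance relation above, as an added example that is not part of the original slides: classes are <rank; compartments> pairs, a subject may read an object only when its clearance dominates the object's class, and the helper shows that dominance is only a partial order (two classes can be incomparable). The rank ordering, subject and document labels are constructed for the example.

```python
from typing import FrozenSet, NamedTuple

# Constructed rank ordering for this example; a real system supplies its own labels.
RANK_ORDER = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


class SecurityClass(NamedTuple):
    """A <rank; compartments> pair, used both for clearances and classifications."""
    rank: str
    compartments: FrozenSet[str]


def dominates(o: SecurityClass, s: SecurityClass) -> bool:
    """s <= O: O's rank is at least s's rank AND O's compartments cover all of s's."""
    return (RANK_ORDER[o.rank] >= RANK_ORDER[s.rank]
            and s.compartments <= o.compartments)


def can_read(clearance: SecurityClass, classification: SecurityClass) -> bool:
    """Read allowed only if the subject's clearance dominates the object's class:
    clearance at least as high, and need-to-know for every compartment of the object."""
    return dominates(clearance, classification)


def comparable(a: SecurityClass, b: SecurityClass) -> bool:
    """Dominance is a partial order: neither side may dominate the other."""
    return dominates(a, b) or dominates(b, a)


# Constructed sample subject and objects.
ALICE = SecurityClass("secret", frozenset({"crypto", "nuclear"}))
DOC_CRYPTO = SecurityClass("secret", frozenset({"crypto"}))
DOC_TS = SecurityClass("top secret", frozenset({"crypto"}))
DOC_CHEM = SecurityClass("confidential", frozenset({"crypto", "chem"}))

if __name__ == "__main__":
    for name, doc in [("crypto", DOC_CRYPTO), ("ts", DOC_TS), ("chem", DOC_CHEM)]:
        print(name, "readable by alice:", can_read(ALICE, doc))
```

Note that DOC_CHEM is denied even though its rank is lower than Alice's: rank alone never decides, the compartment (need-to-know) test must also pass.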

Commercial Security Policies
Data items at any level may have different degrees of sensitivity (public, proprietary, internal)
No formalized notion of clearances
No dominance function for most commercial information access

Clark-Wilson Commercial Security Policy
Well-formed transactions – perform steps in order, exactly as listed, and authenticate the individuals who perform the steps
Goal – maintain consistency between internal data and external expectations of the data
Constrained data items are processed only by transformation procedures: <userID, TPi, {CDIj, CDIk, …}>
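The <userID, TP, {CDI…}> triple as an access rule, shown in an added example that is not from the original slides: a transformation procedure runs only under a certified triple, a well-formed TP updates its CDIs together, and an integrity verification procedure (IVP) checks the "external expectation" (here, a ledger total equal to the sum of account balances). The users, TP names and data are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Set, Tuple


@dataclass(frozen=True)
class AccessTriple:
    """<userID, TP, {CDIs}>: this user may run this TP on exactly these CDIs."""
    user_id: str
    tp: str
    cdis: FrozenSet[str]


# Constructed certification table for the example.
TRIPLES: Set[AccessTriple] = {
    AccessTriple("clerk", "post_payment", frozenset({"accounts", "ledger_total"})),
    AccessTriple("auditor", "reconcile", frozenset({"accounts", "ledger_total"})),
}


def fresh_cdis() -> Dict[str, object]:
    """Constructed CDIs: per-account balances plus a ledger total that must agree."""
    return {"accounts": {"acct-1": 100, "acct-2": 50}, "ledger_total": 150}


def ivp_balanced(cdis: Dict[str, object]) -> bool:
    """IVP: the external expectation the internal data must satisfy."""
    return sum(cdis["accounts"].values()) == cdis["ledger_total"]


def post_payment(cdis: Dict[str, object], acct: str, amount: int) -> None:
    """Well-formed TP: both CDIs change in one step, so the IVP invariant survives."""
    cdis["accounts"][acct] += amount
    cdis["ledger_total"] += amount


# Each TP declares the CDIs it touches; that set is what the triple must cover.
TPS: Dict[str, Tuple[Callable, FrozenSet[str]]] = {
    "post_payment": (post_payment, frozenset({"accounts", "ledger_total"})),
}


def authorized(user_id: str, tp: str, touched: FrozenSet[str]) -> bool:
    """Enforcement rule: some certified triple names this user and TP, and every CDI
    the TP touches lies inside that triple's CDI set."""
    return any(t.user_id == user_id and t.tp == tp and touched <= t.cdis for t in TRIPLES)


def run_tp(cdis: Dict[str, object], user_id: str, tp: str, *args) -> bool:
    """Run the TP only under a certified triple; otherwise leave the CDIs untouched."""
    fn, touched = TPS[tp]
    if not authorized(user_id, tp, touched):
        return False
    fn(cdis, *args)
    return True
```

A direct write to only one of the two CDIs, bypassing the TP, is exactly what the IVP is there to detect.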

Commercial Security Policy
Separation of duty – division of responsibilities (manual system)
Chinese Wall Security Policy – a confidentiality policy
Objects (e.g. files)
Company groups (all objects concerning a particular company)
Conflict classes (clusters of competing companies)
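The Chinese Wall rule over the three layers just listed (objects, company groups, conflict classes), as an added example that is not from the original slides: a subject may access an object only if its company is already in the subject's history, or no company in the same conflict class is. Each grant extends the history, which is what builds the wall. The companies, classes and file names are constructed for the example.

```python
from typing import Dict, FrozenSet, Set

# Constructed conflict classes: each clusters competing companies.
CONFLICT_CLASSES: Dict[str, FrozenSet[str]] = {
    "banks": frozenset({"BankA", "BankB"}),
    "oil": frozenset({"OilCo", "PetroInc"}),
}

# Company group of each object: all objects concerning one company share a group.
COMPANY_OF: Dict[str, str] = {
    "bankA-q3.xlsx": "BankA",
    "bankA-memo.txt": "BankA",
    "bankB-q3.xlsx": "BankB",
    "oilco-plan.doc": "OilCo",
}


def conflict_class_of(company: str) -> str:
    for name, members in CONFLICT_CLASSES.items():
        if company in members:
            return name
    raise KeyError(company)


def may_access(history: Set[str], obj: str) -> bool:
    """Chinese Wall simple security rule. `history` is the set of companies whose
    objects this subject has already accessed."""
    company = COMPANY_OF[obj]
    if company in history:
        return True                      # same company group: stays inside the wall
    cls = conflict_class_of(company)
    # Deny if any previously accessed company competes with this one.
    return not any(conflict_class_of(c) == cls for c in history)


def access(history: Set[str], obj: str) -> bool:
    """Grant or deny; a grant records the company, so later choices narrow."""
    if not may_access(history, obj):
        return False
    history.add(COMPANY_OF[obj])
    return True


if __name__ == "__main__":
    analyst: Set[str] = set()
    for f in ["bankA-q3.xlsx", "oilco-plan.doc", "bankB-q3.xlsx", "bankA-memo.txt"]:
        print(f, "->", "allowed" if access(analyst, f) else "denied")
```

Unlike the military dominance check, the decision here depends on what the subject did earlier, so the enforcement point must keep per-subject state.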