Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.

Slides:



Advertisements
Similar presentations
Information Flow and Covert Channels November, 2006.
Advertisements

Operating System Security
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Security Models and Architecture
Access Control Intro, DAC and MAC System Security.
Secure Operating Systems Lesson 0x11h: Systems Assurance.
1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
April 13, 2004ECS 235Slide #1 Expressive Power How do the sets of systems that models can describe compare? –If HRU equivalent to SPM, SPM provides more.
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they.
Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
1 Security Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 15, 2004.
CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.
7/15/2015 7:56 AM Lecture 3: Policy James Hook CS 591: Introduction to Computer Security.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
I NFORMATION S ECURITY : S ECURITY P OLICIES (C HAPTER 4) Dr. Shahriar Bijani Shahed University.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Lecture 5 September 27, 2007 Security Policies Confidentiality Policies.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.
Security Policy What is a security policy? –Defines what it means for a system to be secure Formally: Partition system into –Secure (authorized) states.
1 IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Lecture 6 Oct 2-9, 2013 Security Policies Confidentiality Policies.
Cryptography, Authentication and Digital Signatures
Session 2 - Security Models and Architecture. 2 Overview Basic concepts The Models –Bell-LaPadula (BLP) –Biba –Clark-Wilson –Chinese Wall Systems Evaluation.
Security Architecture and Design Chapter 4 Part 3 Pages 357 to 377.
Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they cover –Policy languages The nature of mechanisms –Types Underlying both.
Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.
SECURITY Professor Mona Mursi. ENVIRONMENT IT infrastructures are made up of many components, abstractly: IT infrastructures are made up of many components,
CMSC 414 Computer (and Network) Security Lecture 11 Jonathan Katz.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #4-1 Chapter 1: Introduction Components of computer security Threats Policies.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.
12/13/20151 Computer Security Security Policies...
Chapter 5 – Designing Trusted Operating Systems
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Lecture 5 September 29, 2009 Security Policies Confidentiality Policies.
Access Control: Policies and Mechanisms Vinod Ganapathy.
Privilege Management Chapter 22.
Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University
Chapter 19: Building Systems with Assurance Dr. Wayne Summers Department of Computer Science Columbus State University
A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang1 A Comparison of Commercial and Military Computer Security Policies Authors:
IS 2150/TEL 2810: Introduction of Computer Security1 September 27, 2003 Introduction to Computer Security Lecture 4 Security Policies, Confidentiality.
July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Lecture 3 September 13, 2007 Mathematical Review Security Policies.
PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.
INTRO TO COMPUTER SECURITY LECTURE 2 Security Policies M M Waseem Iqbal
Chap 4. Security Policies
CS 395: Topics in Computer Security
Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
Chapter 1: Introduction
Advanced System Security
Chapter 19: Building Systems with Assurance
Chapter 1: Introduction
IS 2150 / TEL 2810 Introduction to Security
Chapter 4: Security Policies
Chapter 4: Security Policies
Security.
Chapter 6: Integrity Policies
Access Control What’s New?
IS 2150 / TEL 2810 Information Security & Privacy
Computer Security Security Policies
Chapter 4: Security Policies
Definition Of Computer Security
Presentation transcript:

Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying both Trust Computer Security: Art and Science © Matt Bishop

Security Policy Policy partitions system states into: Authorized (secure) These are states the system can enter Unauthorized (nonsecure) If the system enters any of these states, it’s a security violation Secure system Starts in authorized state Never enters unauthorized state Breach of security Occurs when a system enters an unauthorized state Computer Security: Art and Science © Matt Bishop

Confidentiality X set of entities, I information I has confidentiality property with respect to X if no x  X can obtain information from I I can be disclosed to others Example: X set of students I final exam answer key I is confidential with respect to X if students cannot obtain final exam answer key Computer Security: Art and Science © Matt Bishop

Integrity X set of entities, I information I has integrity property with respect to X if all x  X trust information in I Types of integrity: trust I, its conveyance and protection (data integrity) I information about origin of something or an identity (origin integrity, authentication) I resource: means resource functions as it should (assurance) Computer Security: Art and Science © Matt Bishop

Availability X set of entities, I resource I has availability property with respect to X if all x  X can access I Types of availability: traditional: x gets access or not quality of service: promised a level of access (for example, a specific level of bandwidth) and not meet it, even though some access is achieved Computer Security: Art and Science © Matt Bishop

Policy versus mechanism A security mechanism is an entity or procedure that enforces some part of the security policy. e.g. a corporation’s policy indicates that all transactions related to a specific product must be completely confidential. Only Alice and Jenny are allowed to perform the transactions on behalf of the clients The data is tape backed-up everyday and the tapes are kept secure in an off-site location. Computer Security: Art and Science © Matt Bishop

Policy Models Abstract description of a policy or class of policies Represents a particular policy or set of policies Computer Security: Art and Science © Matt Bishop

Types of Security Policies Military (governmental) security policy Policy primarily protecting confidentiality Commercial security policy Policy primarily protecting integrity Confidentiality policy Policy protecting only confidentiality Integrity policy Policy protecting only integrity Computer Security: Art and Science © Matt Bishop

Integrity and Transactions Begin in consistent state “Consistent” defined by specification Perform series of actions (transaction) Actions cannot be interrupted If actions complete, system in consistent state If actions do not complete, system reverts to beginning (consistent) state Computer Security: Art and Science © Matt Bishop

Role of “trust” Confidentiality policies No trust in the object itself (can the object be believed?) Policy dictates whether or not the object can be disclosed Integrity policies Indicate how much an object can be trusted. How is the level of trust assigned? e.g.: new version of software is obtained High integrity (trust the vendor) Low integrity (not tested on local system) Medium integrity (trust the vendor, but also test on local system) Integrity policies more dependent on the “trust” factor. Computer Security: Art and Science © Matt Bishop

Trust When one understands the assumptions the security policies, mechanisms, and procedures rest on, then one gets a good understanding how effective those policies, mechanisms, and procedures are. Computer Security: Art and Science © Matt Bishop

Trust in Formal Verification Gives formal mathematical proof that given input i, program P produces output o as specified Suppose a security-related program S formally verified to work with operating system O What are the assumptions? Computer Security: Art and Science © Matt Bishop

Types of Access Control Discretionary Access Control (DAC) individual user sets access control mechanism to allow or deny access to an object Identity-based access control (IBAC) Mandatory Access Control (MAC) system mechanism controls access to object, and individual cannot alter that access Rule-based access control Originator Controlled Access Control (ORCON) originator (creator) of information controls who can access information Computer Security: Art and Science © Matt Bishop

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.