Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University


2 Chapter 4: Security Policies
• A security policy is a statement that partitions the states of a system into a set of authorized, or secure, states and a set of unauthorized, or nonsecure, states.
• A secure system is a system that starts in an authorized state and cannot enter an unauthorized state.
• A breach of security occurs when a system enters an unauthorized state.
• Information is confidential with respect to a set of entities if none of the entities can obtain any of the information.
• Information has the property of integrity with respect to a set of entities if all of the entities trust the information.

3 Security Policies
• Information has the property of availability with respect to a set of entities if all of the entities can access the information.
• A security mechanism is an entity or procedure that enforces some part of the security policy.
• A security model is a model that represents a particular policy or set of policies.
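The definitions of policy, secure system and breach on the slides above, applied to a small finite state machine. This is an added example, not part of the original slides; the state names, the transition tables and the function names are constructed for illustration.

```python
from collections import deque

def reachable(start, transitions):
    """Return every state reachable from `start` (breadth-first search)."""
    seen, queue = {start}, deque([start])
    while queue:
        state = queue.popleft()
        for nxt in transitions.get(state, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def check_system(start, transitions, authorized):
    """Apply the slide definitions to a finite state machine.

    Returns (is_secure, breaches). The system is secure when it starts in an
    authorized state and no unauthorized state is reachable; `breaches` lists
    the unauthorized states it could enter (each would be a breach of security).
    """
    breaches = sorted(reachable(start, transitions) - authorized)
    return (start in authorized and not breaches), breaches

# Constructed sample: the policy partitions {s1..s4} into authorized {s1, s2}
# and unauthorized {s3, s4}.
AUTHORIZED = {"s1", "s2"}
# Without a mechanism, s2 can move to s3, so the system is not secure.
WEAK = {"s1": ["s2"], "s2": ["s1", "s3"], "s3": ["s4"], "s4": []}
# A security mechanism enforces the policy by removing the s2 -> s3 transition.
HARDENED = {"s1": ["s2"], "s2": ["s1"], "s3": ["s4"], "s4": []}

if __name__ == "__main__":
    print(check_system("s1", WEAK, AUTHORIZED))
    print(check_system("s1", HARDENED, AUTHORIZED))
    # Starting in an unauthorized state is never secure, whatever the mechanism.
    print(check_system("s3", HARDENED, AUTHORIZED))
```
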

4 4.2 Types of Security Policies
• A military security policy (governmental security policy) is a security policy developed primarily to provide confidentiality.
• A commercial security policy is a security policy developed primarily to provide integrity. [transaction-oriented integrity security policy]
• A confidentiality policy deals only with confidentiality.
• An integrity policy deals only with integrity.

5 4.3 The Role of Trust
• “When someone understands the assumptions her security policies, mechanisms, and procedures rest on, she will have a good understanding of how effective those policies, mechanisms, and procedures are.”
• Example: what really happens when you install a “security” patch?

6 4.4 Types of Access Control
• Discretionary access control (DAC) [identity-based access control (IBAC)] – user can set an access control mechanism to allow or deny access to an object.
• Mandatory access control (MAC) [rule-based access control] – system mechanism controls access to an object and an individual cannot alter that access.
• An originator controlled access control (ORCON, ORGCON) bases access on the creator of an object (or the information it contains).
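The difference between DAC and MAC on the slide above, as a toy reference monitor. This is an added example, not part of the original slides; the class, the user and object names, and the clearance-versus-label rule used as the MAC rule are assumptions made for illustration.

```python
LEVELS = {"unclassified": 0, "secret": 1, "top_secret": 2}  # assumed ordering

class ReferenceMonitor:
    """Toy monitor: a read must pass both the DAC and the MAC check."""

    def __init__(self, clearances):
        self.clearance = dict(clearances)  # user -> level, set by the system
        self.owner, self.acl, self.label = {}, {}, {}

    def create(self, user, obj, label):
        # The object is labelled at creation; no method lets a user relabel it.
        self.owner[obj], self.label[obj] = user, label
        self.acl[obj] = {user: {"read", "write"}}

    def grant(self, granter, obj, user, right):
        # DAC: the owner, and only the owner, may edit the object's ACL.
        if self.owner.get(obj) != granter:
            raise PermissionError(f"{granter} does not own {obj}")
        self.acl[obj].setdefault(user, set()).add(right)

    def dac_allows(self, user, obj, right):
        return right in self.acl.get(obj, {}).get(user, set())

    def mac_allows_read(self, user, obj):
        # MAC rule (assumed): clearance must be at least the object's label.
        return LEVELS[self.clearance[user]] >= LEVELS[self.label[obj]]

    def can_read(self, user, obj):
        return self.dac_allows(user, obj, "read") and self.mac_allows_read(user, obj)

def demo():
    # Constructed users and object.
    rm = ReferenceMonitor({"alice": "secret", "bob": "unclassified", "carol": "secret"})
    rm.create("alice", "plan.txt", "secret")
    rm.grant("alice", "plan.txt", "bob", "read")    # owner's discretion
    rm.grant("alice", "plan.txt", "carol", "read")
    try:
        rm.grant("bob", "plan.txt", "bob", "write")  # non-owner cannot grant
        bob_could_grant = True
    except PermissionError:
        bob_could_grant = False
    return {"bob_dac": rm.dac_allows("bob", "plan.txt", "read"),
            "bob_read": rm.can_read("bob", "plan.txt"),
            "carol_read": rm.can_read("carol", "plan.txt"),
            "bob_could_grant": bob_could_grant}

if __name__ == "__main__":
    print(demo())
```

The owner's grant to bob succeeds at the DAC layer, but the system-enforced label check still denies the read, which is the part an individual cannot alter.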

7 4.5 Example: Academic Computer Security Policy
• General University Policy (Acceptable Use Policy (AUP))
• Electronic Mail Policy
  – Summary
  – Full Policy
  – Implementation
• See Chapter 35