A Comparison of Commercial and Military Computer Security Policies (presentation transcript, presenter: Ivy Jiang)

Slide 1: A Comparison of Commercial and Military Computer Security Policies

Authors: D. Clark and D. Wilson, IEEE Symposium on Security and Privacy, pp. , IEEE, 1987

"Any discussion of mechanisms to enforce computer security must involve a particular security policy that specifies the security goals the system must meet and the threats it must resist."

Presenter: Ivy Jiang

Slide 2: About the Paper

Military security policy, as defined by the Department of Defense Trusted Computer System Evaluation Criteria (the "Orange Book"):
- Goal: classified information must not be disclosed to unauthorized individuals
- Mechanism: discretionary controls and mandatory controls

Security policy valid in the commercial situation:
- Goal: ensure the integrity of data in order to prevent fraud and errors
- Mechanism: well-formed transactions and separation of duty

Military vs. commercial:
- "There is a clear difference of emphasis in the military and commercial worlds"
- Distinct mechanisms are required for the enforcement of security policies in commercial systems

Slide 3: The Commercial Mechanism Compared to the Military Mechanism

In the commercial mechanism:
- A data item is not necessarily associated with a particular security level
- A data item may be manipulated only by a restricted set of programs, and those programs must meet the well-formed transaction rules
- A user is not given authority to read or write data directly
- A user is instead given authority to execute certain programs, and this authority must meet the separation of duty rules

Slide 4: Appreciative Comment

The paper provides evidence to support the claim that "distinct mechanisms are required for enforcement of security policies in commercial systems":
- "Several security systems used in the commercial environment ... evaluated using the Orange Book ... they did not meet the mandatory requirements of the security model as described in the Orange Book"
- "These packages are used commonly in industry and viewed as being rather effective in their meeting of industry requirements"

Slide 5: Critical Comment #1

What is a "lattice model"?
- "We argue that a lattice model is not sufficient to characterize integrity policies"
- Is the lattice model the same thing as mandatory control?
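To make the contrast on slide 3 concrete, and to show what the "lattice" on slide 5 refers to, here is a toy reference monitor for each mechanism. This is an added example written for this page; it is not code from the Clark-Wilson paper or from any evaluated product, and the TP names, users, labels and CDI names are invented for illustration. The military half encodes labels as (level, compartments) pairs ordered by dominance (that ordering is the lattice; the mandatory rules "read only what you dominate, write only what dominates you" are what is enforced over it). The commercial half enforces the Clark-Wilson shape instead: a CDI can be changed only by a certified TP, a user may run a TP on a CDI only if the (user, TP, CDI) triple has been authorized, and the triple list itself is checked against separation-of-duty conflicts.

```python
"""Toy monitors for the two mechanisms contrasted in the slides (added example)."""
from dataclasses import dataclass, field

# ---- Military mechanism: a lattice of labels plus mandatory read/write rules ----
# Labels form a lattice (a partial order): A dominates B when A's level is at
# least B's AND A's compartment set is a superset of B's. Two labels with
# different compartments at the same level are incomparable.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def mac_can_read(subject: Label, obj: Label) -> bool:
    return subject.dominates(obj)        # simple security property (no read up)


def mac_can_write(subject: Label, obj: Label) -> bool:
    return obj.dominates(subject)        # *-property (no write down)


# ---- Commercial mechanism: certified TPs, access triples, separation of duty ----
class SoDViolation(Exception):
    pass


class NotAuthorized(Exception):
    pass


@dataclass
class CDI:                               # constrained data item
    name: str
    state: dict = field(default_factory=dict)


class ClarkWilsonMonitor:
    def __init__(self, conflicting_pairs):
        self._tps = {}                   # certified TP name -> implementation
        self._triples = set()            # authorized (user, tp, cdi) relation
        self._conflicts = {frozenset(p) for p in conflicting_pairs}

    def certify_tp(self, name, fn):
        self._tps[name] = fn

    def authorize(self, user, tp, cdi_name):
        """Add a triple; refuse if it would give one user two conflicting TPs on a CDI."""
        if tp not in self._tps:
            raise NotAuthorized(f"{tp} is not a certified TP")
        for (u, t, c) in self._triples:
            if u == user and c == cdi_name and frozenset({t, tp}) in self._conflicts:
                raise SoDViolation(f"{user} already holds {t} on {c}; {tp} conflicts")
        self._triples.add((user, tp, cdi_name))

    def execute(self, user, tp, cdi: CDI, **args):
        """Users never touch a CDI directly; the only path is an authorized TP."""
        if (user, tp, cdi.name) not in self._triples:
            raise NotAuthorized(f"no triple ({user}, {tp}, {cdi.name})")
        cdi.state = self._tps[tp](dict(cdi.state), **args)
        return cdi.state


# Two hypothetical TPs for a purchase-order CDI (invented for the example).
def _issue_order(state, amount):
    state["ordered"] = amount
    return state


def _approve_payment(state):
    if "ordered" not in state:
        raise ValueError("nothing to pay for")
    state["approved"] = state["ordered"]
    return state


def demo():
    results = {}
    ts = Label("TOP SECRET", frozenset({"crypto"}))
    secret = Label("SECRET")
    results["ts_reads_secret"] = mac_can_read(ts, secret)      # True
    results["secret_reads_ts"] = mac_can_read(secret, ts)      # False
    results["secret_writes_ts"] = mac_can_write(secret, ts)    # True (write up)
    results["ts_writes_secret"] = mac_can_write(ts, secret)    # False
    a, b = Label("SECRET", frozenset({"crypto"})), Label("SECRET", frozenset({"nuclear"}))
    results["incomparable"] = not a.dominates(b) and not b.dominates(a)

    mon = ClarkWilsonMonitor(conflicting_pairs=[("issue_order", "approve_payment")])
    mon.certify_tp("issue_order", _issue_order)
    mon.certify_tp("approve_payment", _approve_payment)
    po = CDI("PO-1")
    mon.authorize("alice", "issue_order", "PO-1")
    mon.authorize("bob", "approve_payment", "PO-1")
    try:                                  # same person may not issue and approve
        mon.authorize("alice", "approve_payment", "PO-1")
        results["sod_enforced"] = False
    except SoDViolation:
        results["sod_enforced"] = True
    mon.execute("alice", "issue_order", po, amount=500)
    try:                                  # bob holds no issue_order triple
        mon.execute("bob", "issue_order", po, amount=999)
        results["triple_enforced"] = False
    except NotAuthorized:
        results["triple_enforced"] = True
    mon.execute("bob", "approve_payment", po)
    results["po_state"] = po.state
    return results


if __name__ == "__main__":
    print(demo())
```

Note where the two checks live: the military monitor compares two labels and never looks at what program is running, whereas the commercial monitor never looks at a label at all and instead asks which certified program the user is invoking on which item. That is the "no effective overlap" the paper describes.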

Slide 6: Critical Comment #2

Is there overlap between the two mechanisms?
- "There is no effective overlap between the mechanisms for the two"
- "Incorporation of some form of integrity controls into the Orange Book might lead to systems that better meet the needs of both groups"

Slide 7: Question

What is the proper emphasis of a security policy in the military world: confidentiality, integrity, or availability?