Chapter 8: Principles of Security Models, Design, and Capabilities


Implement and Manage Engineering Processes Using Secure Design Principles
- Objects and subjects
- Closed and open systems
- Techniques for ensuring confidentiality, integrity, and availability
- Controls
- Trust and assurance

Objects and Subjects
- Subject (often a user)
- Object (a resource)
- Managing the relationship between subject and object is access control
- Transitive trust

Closed and Open Systems
- Closed system
  - Proprietary standards
  - Hard to integrate
  - Possibly more secure
- Open system
  - Open or industry standards
  - Easier to integrate
- Open source vs. closed source

Techniques for Ensuring Confidentiality, Integrity, and Availability
- Confinement
- Sandboxing
- Bounds
- Isolation

Controls
- Discretionary access control
- Mandatory access control
- Rule-based access control

Trust and Assurance
- Integrated before and during design
- Security must be engineered, implemented, tested, audited, evaluated, certified, and accredited
- Trusted system: security mechanisms work together to provide a secure computing environment
- Assurance: degree of confidence in satisfaction of security needs

Understand the Fundamental Concepts of Security Models
- Trusted Computing Base
- State Machine Model
- Information Flow Model
- Noninterference Model
- Take-Grant Model
- Access Control Matrix
- Bell-LaPadula Model
- Biba Model
- Clark-Wilson Model
- Brewer and Nash Model (aka Chinese Wall)
- Goguen-Meseguer Model
- Sutherland Model
- Graham-Denning Model

Trusted Computing Base
- Defined in DoD 5200.28 (Orange Book)
- Security perimeter
- Trusted paths
- Reference monitor
- Security kernel

State Machine Model
- Always secure no matter what state it is in
- Finite state machine (FSM)
- State transition
- Secure state machine
- The basis for most other security models

Information Flow Model
- Based on the state machine model
- Prevents unauthorized, insecure, or restricted information flow
- Controls flow between security levels
- Can be used to manage state transitions

Noninterference Model
- Based on the information flow model
- Separates the actions of subjects at different security levels
- Composition theories: cascading, feedback, hookup

Take-Grant Model
- Dictates how rights can be passed between subjects
- Take rule
- Grant rule
- Create rule
- Remove rule
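The four Take-Grant rules as an executable protection graph; this is an added example, not part of the original slides. Vertex names and the rights `t`, `g`, `r`, `w` are constructed sample data.

```python
# Added example (not from the slides): a Take-Grant protection graph with the
# four rewriting rules. Vertex names and rights below are constructed; 't' and
# 'g' are the take and grant rights, 'r' and 'w' are ordinary rights.
from collections import defaultdict

class TakeGrantGraph:
    def __init__(self):
        self.edges = defaultdict(set)   # edges[(x, y)] -> rights x holds over y

    def rights(self, x, y):
        return frozenset(self.edges[x, y])

    def create(self, x, new, rights):
        """Create rule: x creates vertex `new` and receives `rights` over it."""
        self.edges[x, new] |= set(rights)

    def remove(self, x, y, rights):
        """Remove rule: x discards some of its own rights over y."""
        self.edges[x, y] -= set(rights)

    def take(self, x, y, z, rights):
        """Take rule: x holding 't' over y may take the rights y holds over z."""
        if "t" in self.edges[x, y] and set(rights) <= self.edges[y, z]:
            self.edges[x, z] |= set(rights)
            return True
        return False

    def grant(self, x, y, z, rights):
        """Grant rule: x holding 'g' over y may give y any rights x holds over z."""
        if "g" in self.edges[x, y] and set(rights) <= self.edges[x, z]:
            self.edges[y, z] |= set(rights)
            return True
        return False
```

Each rule checks its precondition (the `t` or `g` edge plus the rights actually held) before rewriting the graph, which is what makes the model useful for asking whether a right can ever leak to a given vertex.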

Access Control Matrix
- A table of subjects, objects, and access
- Columns are ACLs
- Rows are capability lists
- Can be used in DAC, MAC, or RBAC

Bell-LaPadula Model
- Based on DoD multilevel security policy
- Focuses only on confidentiality
- Lattice-based access control
- Simple security property
- * (star) security property
- Discretionary security property

Biba Model
- Based on the inverse of Bell-LaPadula
- Focuses only on integrity
- Simple integrity property
- * (star) integrity property
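The Bell-LaPadula and Biba properties from the two slides above, checked side by side on one lattice so the inversion is visible; this is an added example, not from the slides. The level ordering and the labels used in the demo are constructed sample data.

```python
# Added example (not from the slides): Bell-LaPadula and Biba rule checks on a
# small lattice of (level, compartments) labels. LEVELS and the labels used in
# the demo are constructed sample data.
from dataclasses import dataclass

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset

    def dominates(self, other):
        """Lattice order: at least as high a level AND a superset of compartments.
        Two labels where neither dominates the other are incomparable."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

def blp_allows(subject, obj, op):
    """Bell-LaPadula (confidentiality). Simple security property: read only if
    the subject dominates the object (no read up). * property: write only if
    the object dominates the subject (no write down)."""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")

def biba_allows(subject, obj, op):
    """Biba (integrity), the inverse of BLP. Simple integrity property: read only
    if the object dominates the subject (no read down). * integrity property:
    write only if the subject dominates the object (no write up)."""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")

if __name__ == "__main__":
    analyst = Label("Secret", frozenset({"NUC"}))
    memo = Label("Confidential", frozenset())
    print(blp_allows(analyst, memo, "read"))    # True: reading down is fine
    print(blp_allows(analyst, memo, "write"))   # False: writing down leaks
    print(biba_allows(analyst, memo, "read"))   # False: reading down taints
    print(biba_allows(analyst, memo, "write"))  # True: writing down is fine
```

Note that labels with disjoint compartments at the same level are incomparable, so both models deny both read and write between them; a system that enforces BLP and Biba together on the same labels ends up allowing access only at exactly equal labels.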

Clark-Wilson Model
- Focuses on integrity
- Access control triplet
- Controls access through an intermediary program or restricted interface
- Well-formed transactions
- Separation of duties
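A small Clark-Wilson style monitor that puts the slide's bullets together: the (user, TP, CDI) triple, the restricted interface, well-formed transactions and separation of duties. This is an added example rather than the slides' own material; the ledger CDI, the TPs, the users and who certified what are all constructed.

```python
# Added example (not from the slides): a Clark-Wilson style monitor. The CDI,
# TPs, users, access triples and certifiers are constructed sample data.

# Certified (user, TP, CDI) access triples: the only route to change a CDI.
TRIPLES = {
    ("teller", "post_deposit", "ledger"),
    ("teller", "post_withdrawal", "ledger"),
    ("auditor", "post_deposit", "ledger"),
}
# Who certified each TP; separation of duties forbids the certifier running it.
CERTIFIED_BY = {"post_deposit": "auditor", "post_withdrawal": "auditor"}

class Ledger:
    """Constrained data item; its integrity constraint is balance >= 0."""
    def __init__(self, balance=0):
        self.balance = balance

    def valid(self):
        return self.balance >= 0

def deposit(cdi, amount):
    cdi.balance += amount

def withdraw(cdi, amount):
    cdi.balance -= amount

# Transformation procedures: the only programs the monitor will run on a CDI.
TPS = {"post_deposit": deposit, "post_withdrawal": withdraw}

def run_tp(user, tp, cdi_name, cdi, *args):
    """Restricted interface: enforce the triple and separation of duties, then
    run the TP as a well-formed transaction (roll back if the CDI ends invalid)."""
    if (user, tp, cdi_name) not in TRIPLES:
        return "denied: no access triple"
    if CERTIFIED_BY.get(tp) == user:
        return "denied: separation of duties"
    before = cdi.balance
    TPS[tp](cdi, *args)
    if not cdi.valid():
        cdi.balance = before
        return "rolled back: integrity constraint violated"
    return "ok"
```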

Brewer and Nash Model (aka Chinese Wall)
- Prevents conflicts of interest
- Access changes dynamically based on user activity
- Access to conflicting data is temporarily blocked
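The dynamic blocking described above, as an added example that is not part of the original slides: each subject's access history decides what it may read or write next. The company datasets, their conflict-of-interest classes and the users are constructed.

```python
# Added example (not from the slides): a Brewer and Nash (Chinese Wall) monitor
# in which a subject's own access history narrows what it may touch next.
# Company datasets, their conflict-of-interest classes and users are constructed.
from collections import defaultdict

# Each company dataset belongs to exactly one conflict-of-interest (COI) class.
COI_CLASS = {"BankA": "banks", "BankB": "banks", "OilX": "oil", "OilY": "oil"}

class ChineseWall:
    def __init__(self):
        self.history = defaultdict(set)   # subject -> datasets already read

    def can_read(self, subject, dataset):
        """Simple security rule: readable if already accessed, or if nothing else
        in the same COI class has been accessed by this subject."""
        seen = self.history[subject]
        if dataset in seen:
            return True
        return not any(COI_CLASS[d] == COI_CLASS[dataset] for d in seen)

    def read(self, subject, dataset):
        """A successful read is recorded; the wall then blocks the conflicting
        datasets for as long as the history stands."""
        if not self.can_read(subject, dataset):
            return False
        self.history[subject].add(dataset)
        return True

    def can_write(self, subject, dataset):
        """*-property: write only where the read rule allows it AND the subject
        has read no other dataset, so nothing can be copied across the wall."""
        return (self.can_read(subject, dataset)
                and self.history[subject] <= {dataset})

if __name__ == "__main__":
    wall = ChineseWall()
    print(wall.read("alice", "BankA"))       # True
    print(wall.can_read("alice", "BankB"))   # False: same COI class as BankA
    print(wall.read("alice", "OilX"))        # True: a different COI class
    print(wall.can_write("alice", "OilX"))   # False: she also holds BankA data
```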

Goguen-Meseguer Model
- Focuses on integrity
- The basis of the noninterference model
- Based on a predetermined set/domain of objects a subject can access
- Based on automaton theory and domain separation

Sutherland Model
- Focuses on integrity
- Prevents interference in support of integrity
- Defines a set of system states, initial states, and state transitions
- Commonly used to prevent covert channels from influencing processes

Graham-Denning Model
- Securely manage objects and subjects:
  - Securely create object/subject
  - Securely delete object/subject
  - Securely provide read access right
  - Securely provide grant access right
  - Securely provide delete access right
  - Securely provide transfer access right
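An added example (not the slides' own code) serving both the Access Control Matrix slide and this one: the matrix with its ACL columns and capability-list rows, and the Graham-Denning commands enforced on it. The convention that a right written with a trailing `*` is copyable, and all subjects, objects and rights used, are constructed assumptions.

```python
# Added example (not from the slides): an access control matrix whose columns
# are ACLs and rows are capability lists, with the Graham-Denning commands
# enforced on it. A right with a trailing '*' is copyable (transferable).
# Subjects, objects and initial rights below are constructed sample data.
from collections import defaultdict

class AccessMatrix:
    def __init__(self):
        self.subjects, self.objects = set(), set()
        self.A = defaultdict(set)         # A[(subject, object)] -> set of rights

    def acl(self, obj):                   # column: the ACL of one object
        return {s: self.A[s, obj] for s in self.subjects if self.A[s, obj]}

    def capabilities(self, subj):         # row: the capability list of one subject
        return {o: self.A[subj, o] for o in self.objects if self.A[subj, o]}

    # Graham-Denning commands; each checks the invoking subject s before acting.
    def create(self, s, name, subject=False):
        """Create object (or subject): s becomes owner; a new subject controls itself."""
        self.objects.add(name)
        self.A[s, name].add("owner")
        if subject:
            self.subjects.add(name)
            self.A[name, name].add("control")

    def delete(self, s, name):
        """Delete object/subject: only an owner may."""
        if "owner" not in self.A[s, name]:
            return False
        self.objects.discard(name); self.subjects.discard(name)
        self.A = defaultdict(set, {k: v for k, v in self.A.items() if name not in k})
        return True

    def read_rights(self, s, x, o):
        """Read A[x, o] if s controls x or owns o; None means denied."""
        ok = "control" in self.A[s, x] or "owner" in self.A[s, o]
        return set(self.A[x, o]) if ok else None

    def grant(self, s, r, x, o):
        """Grant right: only an owner of o may give x a right on o."""
        if "owner" not in self.A[s, o]:
            return False
        self.A[x, o].add(r); return True

    def transfer(self, s, r, x, o):
        """Transfer right: s may pass r (or r*) on o to x only if s holds r*."""
        if r.rstrip("*") + "*" not in self.A[s, o]:
            return False
        self.A[x, o].add(r); return True

    def delete_right(self, s, r, x, o):
        """Delete right: s may remove r from A[x, o] if s controls x or owns o."""
        if "control" not in self.A[s, x] and "owner" not in self.A[s, o]:
            return False
        self.A[x, o].discard(r); return True
```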

Select Controls and Countermeasures Based on Systems Security Evaluation Models
- Rainbow Series
- ITSEC Classes and Required Assurance and Functionality
- Common Criteria
- Industry and International Security Implementation Guidelines
- Certification and Accreditation

Rainbow Series
- TCSEC (Orange Book)
  - Confidentiality
  - D, C1, C2, B1, B2, B3, A1
- Red Book
  - Trusted Network Interpretation of TCSEC
  - Confidentiality and integrity
  - None, C1, C2, B2
- Green Book
  - Password management guidelines

ITSEC Classes and Required Assurance and Functionality
- Rates functionality (F) and assurance (E)
- F-D through F-B3
- E0 through E6
- Confidentiality, integrity, and availability

Common Criteria
- Designed to replace prior systems
- ISO 15408
- Protection profiles
- Security targets
- Evaluation Assurance Level (EAL)

Industry and International Security Implementation Guidelines
- Payment Card Industry Data Security Standard (PCI DSS)
- International Organization for Standardization (ISO)

Certification and Accreditation
- Certification: comprehensive evaluation of security against security requirements
- Accreditation: formal designation by the DAA that the system meets organizational security needs
- Risk Management Framework (RMF)
- Committee on National Security Systems Policy (CNSSP)
- Definition, verification, validation, post-accreditation

Understand Security Capabilities of Information Systems
- Memory protection
- Virtualization
- Trusted Platform Module (TPM)
- Hardware security module (HSM)
- Interfaces
- Fault tolerance