Presentation is loading. Please wait.

Presentation is loading. Please wait.

June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they.

Published byTeresa Harmon Modified over 8 years ago

Similar presentations

Presentation on theme: "June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they."— Presentation transcript:

1 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they cover –Policy languages The nature of mechanisms –Types –Secure vs. precise Underlying both –Trust

2 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-2 Overview Policies Trust Nature of Security Mechanisms Policy Expression Languages Limits on Secure and Precise Mechanisms

3 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-3 Security Policy Policy partitions system states into: –Authorized (secure) These are states the system can enter –Unauthorized (nonsecure) If the system enters any of these states, it’s a security violation Secure system –Starts in authorized state –Never enters unauthorized state

4 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-4 Confidentiality X set of entities, I information I has confidentiality property with respect to X if no x  X can obtain information from I I can be disclosed to others Example: –X set of students –I final exam answer key –I is confidential with respect to X if students cannot obtain final exam answer key

5 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-5 Integrity X set of entities, I information I has integrity property with respect to X if all x  X trust information in I Types of integrity: –trust I, its conveyance and protection (data integrity) –I information about origin of something or an identity (origin integrity, authentication) –I resource: means resource functions as it should (assurance)

6 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-6 Availability X set of entities, I resource I has availability property with respect to X if all x  X can access I Types of availability: –traditional: x gets access or not –quality of service: promised a level of access (for example, a specific level of bandwidth) and not meet it, even though some access is achieved

7 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-7 Policy Models Abstract description of a policy or class of policies Focus on points of interest in policies –Security levels in multilevel security models –Separation of duty in Clark-Wilson model –Conflict of interest in Chinese Wall model

8 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-8 Types of Security Policies Military (governmental) security policy –Policy primarily protecting confidentiality Commercial security policy –Policy primarily protecting integrity Confidentiality policy –Policy protecting only confidentiality Integrity policy –Policy protecting only integrity

9 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-9 Integrity and Transactions Begin in consistent state –“Consistent” defined by specification Perform series of actions (transaction) –Actions cannot be interrupted –If actions complete, system in consistent state –If actions do not complete, system reverts to beginning (consistent) state

10 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-10 Overview Policies Trust Nature of Security Mechanisms Policy Expression Languages Limits on Secure and Precise Mechanisms

11 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-11 Trust - Example Administrator installs patch 1.Trusts patch came from vendor, not tampered with in transit 2.Trusts vendor tested patch thoroughly 3.Trusts vendor’s test environment corresponds to local environment 4.Trusts patch is installed correctly

12 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-12 Trust in Formal Verification Gives formal mathematical proof that given input i, program P produces output o as specified Suppose a security-related program S formally verified to work with operating system O What are the assumptions?

13 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-13 Trust in Formal Methods 1.Proof has no errors Bugs in automated theorem provers 2.Preconditions hold in environment in which S is to be used 3.S transformed into executable S whose actions follow source code –Compiler bugs, linker/loader/library problems 4.Hardware executes S as intended –Hardware bugs (Pentium f00f bug, for example)

14 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-14 Types of Access Control Discretionary Access Control (DAC, IBAC) –individual user sets access control mechanism to allow or deny access to an object Mandatory Access Control (MAC) –system mechanism controls access to object, and individual cannot alter that access Originator Controlled Access Control (ORCON) –originator (creator) of information controls who can access information

15 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-15 Question Policy disallows cheating –Includes copying homework, with or without permission CS class has students do homework on computer Anne forgets to read-protect her homework file Bill copies it Who cheated? –Anne, Bill, or both?

16 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-16 Answer Part 1 Bill … cheated –Policy forbids copying homework assignment –Bill did it –System entered unauthorized state (Bill having a copy of Anne’s assignment) If not explicit in computer security policy, certainly implicit –Not credible that a unit of the university allows something that the university as a whole forbids, unless the unit explicitly says so

17 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-17 Answer Part #2 Anne … didn’t protect her homework –Not required by security policy She didn’t breach security If policy said students had to read-protect homework files, then Anne did breach security –She didn’t do this

18 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-18 Overview Policies Trust Nature of Security Mechanisms Policy Expression Languages Limits on Secure and Precise Mechanisms

19 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-19 Mechanisms Definition? Entity or procedure that enforces some part of the security policy –Access controls (like bits to prevent someone from reading a homework file) –Disallowing people from bringing CDs and floppy disks into a computer facility to control what is placed on systems

20 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-20 Overview Policies Trust Nature of Security Mechanisms Policy Expression Languages Limits on Secure and Precise Mechanisms

21 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-21 Policy Languages Express security policies in a precise way High-level languages –Policy constraints expressed abstractly Low-level languages –Policy constraints expressed in terms of program options, input, or specific characteristics of entities on system

22 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-22 High-Level Policy Languages Constraints expressed independent of enforcement mechanism Constraints restrict entities, actions Constraints expressed unambiguously –Requires a precise language, usually a mathematical, logical, or programming-like language

23 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-23 Example: Web Browser Goal: restrict actions of Java programs that are downloaded and executed under control of web browser Language specific to Java programs Expresses constraints as conditions restricting invocation of entities

24 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-24 Expressing Constraints Entities are classes, methods –Class: set of objects that an access constraint constrains –Method: set of ways an operation can be invoked Operations –Instantiation: s creates instance of class c: s –| c –Invocation: s 1 executes object s 2 : s 1 |  s 2 Access constraints –deny(s op x) when b –While b is true, subject s cannot perform op on (subject or class) x; empty s means all subjects

25 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-25 Sample Constraints Downloaded program cannot access password database file on UNIX system Program’s class and methods for files: class File { public file(String name); public String getfilename(); public char read(); Constraint: deny( |-> file.read) when (file.getfilename() == "/etc/passwd")

26 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-26 Another Sample Constraint At most 100 network connections open Socket class defines network interface –Network.numconns method giving number of active network connections Constraint deny( -| Socket) when (Network.numconns >= 100)

27 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-27 Domain Type Enforcement Language (DTEL) Basis: access can be constrained by types Combines elements of low-level, high-level policy languages –Implementation-level constructs express constraints in terms of language types –Constructs do not express arguments or inputs to specific system commands

28 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-28 Example Goal: users cannot write to system binaries Subjects in administrative domain can –User must authenticate to enter that domain Subjects belong to domains: –d_userordinary users –d_adminadministrative users –d_loginfor login –d_daemonsystem daemons

29 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-29 Types Object types: –t_sysbinexecutable system files –t_readablereadable files –t_writablewritable files –t_dtedata used by enforcement mechanisms –t_genericdata generated from user processes For example, treat these as partitions –In practice, files can be readable and writable; ignore this for the example

30 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-30 Domain Representation Sequence used to characterize a domain –First component is list of programs that start in the domain –Other components describe rights subject in domain has over objects of a type, e.g., (crwd->t_writable) means subject can create, read, write, and list (search) any object of type t_writable

31 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-31 d_daemon Domain domain d_daemon = (/sbin/init), (crwd->t_writable), (rd->t_generic, t_readable, t_dte), (rxd->t_sysbin), (auto->d_login); Subject can only run the init program Compromising subject in d_daemon domain does not enable attacker to alter system files –Subjects here have no write access When /sbin/init invokes login program, login program transitions into d_login domain

32 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-32 d_admin Domain domain d_admin = (/usr/bin/sh, /usr/bin/csh, /usr/bin/ksh), (crwxd->t_generic), (crwxd->t_readable, t_writable, t_dte, t_sysbin), (sigtstp->d_daemon); Admin users use a standard command interpreter They can access any file in any way sigtstp allows subjects to suspend processes in d_daemon domain

33 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-33 d_user Domain domain d_user = (/usr/bin/sh, /usr/bin/csh, /usr/bin/ksh), (crwxd->t_generic), (rxd->t_sysbin), (crwd->t_writable), (rd->t_readable, t_dte); Users run standard shells Users cannot write to system binaries No auto component as no user commands transition out of it

34 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-34 d_login Domain domain d_login = (/usr/bin/login), (crwd->t_writable), (rd->t_readable, t_generic, t_dte), setauth, (exec->d_user, d_admin) ; Cannot execute anything except the transition –Only /usr/bin/login in this domain setauth enables subject to change UID exec access to d_user, d_admin domains

35 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-35 Set Up initial_domain = d_daemon; assign -r t_generic /; assign -r t_writable /usr/var, /dev, /tmp; assign -r t_readable /etc; assign -r -s dte_t /dte; assign -r -s t_sysbin /sbin, /bin, /usr/bin, /usr/sbin; System starts in d_daemon domain Assign initial types to objects -r recursively assigns type –s binds type to name of object (delete it, recreate it, still of given type) Assignments processed in order

36 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-36 Set Up initial_domain = d_daemon; –System starts in d_daemon domain assign -r t_generic /; assign -r t_writable /usr/var, /dev, /tmp; assign -r t_readable /etc; assign -r -s dte_t /dte; assign -r -s t_sysbin /sbin, /bin, /usr/bin, /usr/sbin; –These assign initial types to objects ––r recursively assigns type ––s binds type to name of object (delete it, recreate it, still of given type)

37 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-37 Add Log Type Goal: users can’t modify system logs; only subjects in d_admin, new d_log domains can New type t_log type t_readable, t_writable, t_sysbin, t_dte, t_generic, t_log; New domain d_log domain d_log = (/usr/sbin/syslogd), (crwd->t_log), (rwd->t_writable), (rd->t_generic, t_readable);

38 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-38 Fix Domain and Set-Up domain d_daemon = (/sbin/init), (crwd->t_writable), (rxd->t_readable), (rd->t_generic, t_dte, t_sysbin), (auto->d_login);

39 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-39 Fix Domain and Set-Up domain d_daemon = (/sbin/init), (crwd->t_writable), (rxd->t_readable), (rd->t_generic, t_dte, t_sysbin), (auto->d_login, d_log); –Subject in d_daemon can invoke logging process –Can log, but not execute anything –Set type of logs assign -r t_log /usr/var/log; assign t_writable /usr/var/log/wtmp, /usr/var/log/utmp;

40 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-40 Low-Level Policy Languages Set of inputs or arguments to commands –Check or set constraints on system Low level of abstraction –Need details of system, commands

41 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-41 Example: X Window System UNIX X11 Windowing System Access to X11 display controlled by list –List says what hosts allowed, disallowed access xhost +groucho -chico Connections from host groucho allowed Connections from host chico not allowed

42 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-42 Example: tripwire File scanner that reports changes to file system and file attributes –tw.config describes what may change /usr/mab/tripwire +gimnpsu012345678-a Check everything but time of last access (“-a”) –Database holds previous values of attributes

43 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-43 Example Database Record /usr/mab/tripwire/README 0..../. 100600 45763 1 917 10 33242.gtPvf.gtPvY.gtPvY 0.ZD4cc0Wr8i21ZKaI..LUOr3.0fwo5:hf4e4.8TAqd0V4ubv ?.........9b3 1M4GX01xbGIX0oVuGo1h15z3 ?:Y9jfa04rdzM1q:eqt1APgHk ?.Eb9yo.2zkEh1XKovX1:d0wF0kfAvC ?1M4GX01xbGIX2947jdyrior38h15z3 0 file name, version, bitmask for attributes, mode, inode number, number of links, UID, GID, size, times of creation, last modification, last access, cryptographic checksums

44 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-44 Comments System administrators not expected to edit database to set attributes properly Checking for changes with tripwire is easy –Just run once to create the database, run again to check Checking for conformance to policy is harder –Need to either edit database file, or (better) set system up to conform to policy, then run tripwire to construct database

45 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-45 Example English Policy Computer security policy for academic institution –Institution has multiple campuses, administered from central office –Each campus has its own administration, and unique aspects and needs Authorized Use Policy Electronic Mail Policy

46 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-46 Authorized Use Policy Intended for one campus (Davis) only Goals of campus computing –Underlying intent Procedural enforcement mechanisms –Warnings –Denial of computer access –Disciplinary action up to and including expulsion Written informally, aimed at user community

47 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-47 Electronic Mail Policy Systemwide, not just one campus Three parts –Summary –Full policy –Interpretation at the campus

48 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-48 Email Policy Summary Warns that electronic mail not private –Can be read during normal system administration –Can be forged, altered, and forwarded Unusual because the policy alerts users to the threats –Usually, policies say how to prevent problems, but do not define the threats

49 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-49 Email Policy Summary What users should and should not do –Think before you send –Be courteous, respectful of others –Don’t nterfere with others’ use of email Personal use okay, provided overhead minimal Who it applies to –Problem is UC is quasi-governmental, so is bound by rules that private companies may not be –Educational mission also affects application

50 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-50 Email Policy Full Policy Context –Does not apply to Dept. of Energy labs run by the university –Does not apply to printed copies of email Other policies apply here E-mail, infrastructure are university property –Principles of academic freedom, freedom of speech apply –Access without user’s permission requires approval of vice chancellor of campus or vice president of UC –If infeasible, must get permission retroactively

51 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-51 Uses of E-mail Anonymity allowed –Exception: if it violates laws or other policies Can’t interfere with others’ use of e-mail –No spam, letter bombs, e-mailed worms, etc. Personal e-mail allowed within limits –Cannot interfere with university business –Such e-mail may be a “university record” subject to disclosure

52 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-52 Security of E-mail University can read e-mail –Won’t go out of its way to do so –Allowed for legitimate business purposes –Allowed to keep e-mail robust, reliable Archiving and retention allowed –May be able to recover e-mail from end system (backed up, for example)

53 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-53 Email Policy Implementation Adds campus-specific requirements and procedures –Example: “incidental personal use” not allowed if it benefits a non-university organization –Allows implementation to take into account differences between campuses, such as self-governance by Academic Senate Procedures for inspecting, monitoring, disclosing e-mail contents Backups

54 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-54 Overview Policies Trust Nature of Security Mechanisms Policy Expression Languages Limits on Secure and Precise Mechanisms

55 July 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #1-55 Recall: Types of Mechanisms secure precise broad set of reachable statesset of secure states

56 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-56 Secure, Precise Mechanisms Can one devise a procedure for developing a mechanism that is both secure and precise? What does this mean? –Secure: Does NOT allow any violations –Precise: DOES allow ALL legitimate actions How to measure precision?

57 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-57 Secure, Precise Mechanisms Can one devise a procedure for developing a mechanism that is both secure and precise? –Consider confidentiality policies only here –Integrity policies produce same result Program a function with multiple inputs and one output –Let p be a function p: I 1 ...  I n  R. Then p is a program with n inputs i k  I k, 1 ≤ k ≤ n, and one output r  R

58 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-58 Programs and Postulates Observability Postulate: the output of a function encodes all available information about its inputs –Covert channels considered part of the output Example: authentication function –Inputs name, password; output Good or Bad –If name invalid, immediately print Bad; else access database –Problem: time output of Bad, can determine if name valid –This means timing is part of output “Side channel”

59 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-59 Protection Mechanism Let p be a function p: I 1 ...  I n  R. A protection mechanism m is a function m: I 1 ...  I n  R  E for which, when i k  I k, 1 ≤ k ≤ n, either –m(i 1,..., i n ) = p(i 1,..., i n ) or –m(i 1,..., i n )  E. E is set of error outputs –In above example, E = { “Password Database Missing”, “Password Database Locked” } m Computes p m Outputs error

60 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-60 Protection Mechanism Example Let p be a function p: I 1 ...  I n  R. auth: Names  Passwords -> {Good, Bad} Protection mechanism m m: Names  Passwords -> {Good, Bad, Error}

61 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-61 Confidentiality Policy Confidentiality policy for program p says which inputs can be revealed –Formally, for p: I 1 ...  I n  R, it is a function c: I 1 ...  I n  A, where A  I 1 ...  I n –A is set of inputs available to observer Security mechanism is function m: I 1 ...  I n  R  E –m secure iff  m´: A  R  E such that, for all i k  I k, 1 ≤ k ≤ n, m(i 1,..., i n ) = m´(c(i 1,..., i n )) –m returns values consistent with c

62 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-62 Examples c(i 1,..., i n ) = C, a constant –Deny observer any information (output does not vary with inputs) c(i 1,..., i n ) = (i 1,..., i n ), and m´ = m –Allow observer full access to information c(i 1,..., i n ) = i 1 –Allow observer information about first input but no information about other inputs.

63 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-63 Precision Security policy may be over-restrictive –Precision measures how over-restrictive m 1, m 2 distinct protection mechanisms for program p under policy c –m 1 as precise as m 2 (m 1 ≈ m 2 ) if, for all inputs i 1, …, i n, m 2 (i 1, …, i n ) = p(i 1, …, i n )  m 1 (i 1, …, i n ) = p(i 1, …, i n ) –m 1 more precise than m 2 (m 1 ~ m 2 ) if there is an input (i 1 ´, …, i n ´) such that m 1 (i 1 ´, …, i n ´) = p(i 1 ´, …, i n ´) and m 2 (i 1 ´, …, i n ´) ≠ p(i 1 ´, …, i n ´).

64 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-64 Combining Mechanisms m 1, m 2 protection mechanisms m 3 = m 1  m 2 –For inputs on which m 1 and m 2 return same value as p, m 3 does also; otherwise, m 3 returns same value as m 1 Theorem: if m 1, m 2 secure, then m 3 secure –Also, m 3 ≈ m 1 and m 3 ≈ m 2 –Follows from definitions of secure, precise, and m 3

65 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-65 Existence Theorem For any program p and security policy c, there exists a precise, secure mechanism m* such that, for all secure mechanisms m associated with p and c, m* ≈ m –Maximally precise mechanism –Ensures security –Minimizes number of denials of legitimate actions

66 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-66 Lack of Effective Procedure There is no effective procedure that determines a maximally precise, secure mechanism for any policy and program. –Sketch of proof: let c be constant function, and p compute function T(x). Assume T(x) = 0. Consider program q, where p;p; if z = 0 then y := 1 else y := 2; halt;

67 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-67 Rest of Sketch m associated with q, y value of m, z output of p corresponding to T(x)  x[T(x) = 0]  m(x) = 1  x´ [T(x´) ≠ 0]  m(x) = 2 or m(x)  If you can determine m, you can determine whether T(x) = 0 for all x Determines some information about input (is it 0?) Contradicts constancy of c. Therefore no such procedure exists

68 June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-68 Key Points Policies describe what is allowed Mechanisms control how policies are enforced Trust underlies everything

Download ppt "June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they."

Similar presentations

Operating System Security

Operating System Security
Malicious Logic What is malicious logic Types of malicious logic Defenses Computer Security: Art and Science ©2002-2004 Matt Bishop.

Malicious Logic What is malicious logic Types of malicious logic Defenses Computer Security: Art and Science © Matt Bishop.
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.

1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.

Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.

Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they.
June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.

Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
April 13, 2004ECS 235Slide #1 Expressive Power How do the sets of systems that models can describe compare? –If HRU equivalent to SPM, SPM provides more.

April 13, 2004ECS 235Slide #1 Expressive Power How do the sets of systems that models can describe compare? –If HRU equivalent to SPM, SPM provides more.
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.

Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality.
July 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
1 Security Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 15, 2004.

1 Security Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 15, 2004.
CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.

Similar presentations

Ads by Google