Presentation is loading. Please wait.

Presentation is loading. Please wait.

or call for office visit,

Published byLoraine Morris Modified over 6 years ago

Similar presentations

Presentation on theme: "or call for office visit,"— Presentation transcript:

1 email or call for office visit, 404 894-5177
ECE-6612 Prof. John A. Copeland fax Offices: Klaus 3362 or call for office visit, Chapter 10 (b) - Trusted Systems 3/10/2016

2 Trusted Systems Subject: - an entity capable of accessing objects. Usually a process of an application being run by a user. Note that a secure user authentication procedure is essential (pass-phase, biometrics, ...). Object: - anything to which access is controlled. This includes files, portions of files, programs, segments of memory, records and fields of records in a database. Access Right: - a way in which an object can be accessed by a subject, typically read, write, and execute. Access matrix, access control list (ACL), or capability list (ticket): ways of defining access rights. 2

3 Objects Subjects 3

4 ACL – Access Control List
For each object, a list of subjects (& rights). Object[1] Subject[3] Subject[5] Object[2] Subject[2] Object[3] • • • 4

5 For each Subject, a list of Objects (& Rights)
Capability List For each Subject, a list of Objects (& Rights) Subject[1] Object[4] Object[7] Subject[2] Object[2] Object[5] Subject[3] • • • 5

6 Put Subjects into Levels, then Level defines Rights
Multilevel Security Put Subjects into Levels, then Level defines Rights SCI, ...* Top-Secret Secret Confidential Unclassified SCI, ...* Top-Secret Secret Confidential Unclassified SCI, ...* Top-Secret Secret Confidential Unclassified <- Compartments: Projects, Areas, … (need-to-know) • No Read Up (Simple Security Property): - a subject can only read an object of less or equal security level. • No Write Down (*-Property): - a subject can only write to an object of greater or equal security level (can not lower the security classification of information by writing to an object with a lower security level). You can contribute information to a higher security level report, but can not read the report. • Need to Know - a subject can only access data if he is cleared for that project or category (compartmentalized sensitive information). [not in book] • Reference Monitor: - a way to enforce the three rules above. * so secret we can’t reveal the name. 6

7 UNIX – each directory and file belongs to
an user (owner) and a group. Users can belong many groups d – directory For directories “x” means “can list files” Permissions, r = read, w = write, x = execute 3 sets for: user, group, others Owner Group Size Date Modified Name $ ls -l total 35816 -rw-r--r copeland staff Apr pcap -rw-r--r copeland staff Oct 31 10: alias -rw-r--r copeland staff Sep 21 10: pcap -rwxr--r copeland staff Jan reset_script drwx copeland staff Feb 22 11:22 Desktop drwxr copeland staff Jan 24 14:45 Documents drwxr-xr-x 12 root root May Downloads drwx copeland staff Mar Movies drwxr-xr-x 4 copeland staff Mar Music -rw-r--r copeland admin Feb PGP Keyrings drwxr--r copeland copeland 748 Mar Pictures drwx-wx copeland staff Nov Public $ id uid=501(copeland) gid=20(staff) groups=20(staff),204(_developer),100(_lpoperator),98(_lpadmin),81(_appserveradm),80(admin),12(everyone),504(access_bpf)

8 Write Only  Allow or Block  ACL's  8

9 Alice’s program has a Trojan Horse hidden inside.
In normal computers, programs and files usually have the same privileges as the "user" using them. Bob: RW CPE170KS "Secret" Data File Program "Secret" Clearance Alice: RW Bob: W Back-Pocket File Program "Confidential" Clearance Alice’s program has a Trojan Horse hidden inside. 9

10 "Secret" Clearance Bob: RW CPE170KS "Secret" Data File Program Alice: RW Bob: W Back-Pocket File Program "Confidential" Clearance When Bob runs Alice’s program, the Trojan writes info from Bob’s Secret file to Alice’s Confidential file (“write down”). 10

11 Confidential Clearance
In "Trusted System" computers, programs and files have their own security levels. Reference Monitor Bob: RW CPE170KS "Secret" Data File "Secret" Program Secret Clearance Alice: RW Bob: W Back-Pocket File Program Confidential Clearance Alice’s Program has to access the Secret Program through the Reference Monitor, which upgrades the level of the process to Secret. 11

12 "Confidential" Back-Pocket File
"Secret" Clearance Reference Monitor Bob: RW CPE170KS "Secret" Data File "Secret" Program Alice: RW Bob: W "Secret" Program "Confidential" Back-Pocket File "Confidential" Clearance The Security Monitor will not let the (now rated Secret) process write down to a lower level file. 12

13 Offense: How could one attack a secure system?
Defense: What attacks need to be anticipated? Defense strategy starts with an analysis of possible offensive strategies. Then, for each attack vector, how do you • Prevent • Detect • Terminate and Report 13

14 The Computer Security Center within the National Security Agency has a
Commercial Product Evaluation Program To be rated a “Trusted System” (at a certain level) and be eligible for government and DoD RFP’s, the computer must provide: Complete Mediation: Security rules are enforced on every access, not just when a file is opened. Isolation: The reference monitor and database are protected from unauthorized modification. Verifiability: The reference monitor’s correctness must be mathematically provable (by a set of logic rules, that it can provide Complete Mediation and Isolation). 14

15 “Common Criteria” Security Specifications
In January 1996, the United States, United Kingdom, Germany, France, Canada, and the Netherlands released a jointly developed evaluation standard for a multi-national marketplace. This standard is known as the "Common Criteria for Information Technology Security Evaluation" (CCITSE) usually referred to as the "Common Criteria" (CC). The Common Criteria can be used for the following purposes: (see table on next slide) Under the Common Criteria, each level of trust rating from the TCSEC can be specified as a Protection Profile (PP). A Protection Profile looks very similar to a level of trust rating but has two fundamental differences. First, where the TCSEC binds sets of features and assurances together, the Common Criteria allows Protection Profiles to combine features and assurances together in any combination. Also, the TCSEC specifies a fixed set of ratings (profiles), but the Common Criteria allows for consumers to write a customized set of requirements in a standard format. The TPEP office is currently developing Protection Profiles that map to the C2 rating referred to in the TCSEC and SBU Firewall Protection Profiles. Common Criteria evaluations are now in progress using the Firewall Protection Profiles. From - no longer available 15

16 16

17 Value of Certification
If a product is Common Criteria certified, it does not necessarily mean it is completely secure. For example, various Microsoft Windows versions, including Windows Server 2003 and Windows XP, were certified at EAL4+, but regular security patches for security vulnerabilities were still published by Microsoft for these Windows systems. This is possible because the process of obtaining a Common Criteria certification allows a vendor to restrict the analysis to certain security features and to make certain assumptions about the operating environment and the strength of threats, if any, faced by the product in that environment. … So far, most PPs and most evaluated STs/certified products have been for IT components (e.g., firewalls, operating systems, smart cards). Common Criteria certification is sometimes specified for IT procurement. Other standards containing riles for interoperation, system management, user training, … , supplement CC and other product standards. Evaluation is a costly process (often measured in hundreds of thousands of US dollars) -- and the vendor's return on that investment is not necessarily a more secure product (but it permits selling product to certain government areas). 3/11/16 17

Download ppt "or call for office visit,"

Similar presentations

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
IT Security Evaluation By Sandeep Joshi

IT Security Evaluation By Sandeep Joshi
Computer Security: Principles and Practice Chapter 10 – Trusted Computing and Multilevel Security.

Computer Security: Principles and Practice Chapter 10 – Trusted Computing and Multilevel Security.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 10 – Trusted Computing.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 10 – Trusted Computing.
Access Control Methodologies

Access Control Methodologies
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Chapter 2.  CIA Model  Host Security VS Network Security  Least Privileges  Layered Security  Access Controls Prepared by Mohammed Saher2.

Chapter 2.  CIA Model  Host Security VS Network Security  Least Privileges  Layered Security  Access Controls Prepared by Mohammed Saher2.
—On War, Carl Von Clausewitz

—On War, Carl Von Clausewitz
Chapter 11 Firewalls.

Chapter 11 Firewalls.
6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.

6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
CS 483 – SD SECTION (8) AUTHORIZATION. INTRODUCTION The authorization (or access control) process is used to decide if person, program or device X is.

CS 483 – SD SECTION (8) AUTHORIZATION. INTRODUCTION The authorization (or access control) process is used to decide if person, program or device X is.
Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.

Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.

Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.
Sicurezza Informatica Prof. Stefano Bistarelli

Sicurezza Informatica Prof. Stefano Bistarelli
Information Systems Security Security Architecture Domain #5.

Information Systems Security Security Architecture Domain #5.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.
SE571 Security in Computing

SE571 Security in Computing
User Domain Policies.

User Domain Policies.

Similar presentations

Ads by Google