Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 17: Confinement Problem

Published byErich Becker Modified over 5 years ago

Similar presentations

Presentation on theme: "Chapter 17: Confinement Problem"— Presentation transcript:

1 Chapter 17: Confinement Problem
Dr. Wayne Summers Department of Computer Science Columbus State University

2 The Confinement Problem
Confinement problem preventing a server from leaking information that the user of the service considers confidential Server must ensure that resources accessed on behalf of the client only include resources that client is authorized to access Server must ensure that it does not reveal client’s data to any other unauthorized entity Covert channel – path of communications not designed for communication Rule of transitive confinement – if confined process invokes a second process, the second process must be as confined as the caller

3 Isolation Virtual machine – program that simulates the hardware of a computer system Sandbox – environment in which the actions of the process are restricted according to a security policy

4 Covert Channels Covert storage channel uses an attribute of the shared resource Covert timing channel uses a temporal or ordering relationship among accesses to a shared resource Noiseless covert channel – covert channel that uses a resource available to only the sender and receiver Noisy covert channel – covert channel that uses a resource available to subjects in addition to the sender and receiver

5 Covert channels Requirements of covert storage channel
Sending and receiving processes have access to the same attribute of a shared object Sending process is able to modify the attribute of the shared object Receiving process is able to references the attribute of the shared object Mechanism must exist for initiating both processes, and properly sequencing the respective accesses to the shared resource

6 Covert channels Requirements of covert timing channel
Sending and receiving processes have access to the same attribute of a shared object Sending and receiving processes must have access to a time reference (e.g. clock, timer,…) Sending process must be able to control the timing of the detection of a change in the attribute by the receiving process Mechanism must exist for initiating both processes, and properly sequencing the respective accesses to the shared resource

Download ppt "Chapter 17: Confinement Problem"

Similar presentations

Access Control Methodologies

Access Control Methodologies
A NOTE ON THE CONFINEMENT PROBLEM Butler Lampson Xerox PARC.

A NOTE ON THE CONFINEMENT PROBLEM Butler Lampson Xerox PARC.
5/17/2015 9:36 AM Confinement James Hook CS 591: Introduction to Computer Security.

5/17/2015 9:36 AM Confinement James Hook CS 591: Introduction to Computer Security.
Database Management System

Database Management System
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.

Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
July 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #17-1 Chapter 17: Confinement Problem What is the problem? Isolation: virtual.

July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #17-1 Chapter 17: Confinement Problem What is the problem? Isolation: virtual.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
By : Nimish Agarwal.  … are those which are neither designed nor intended to transfer information at all.  … are based on transmission by storage into.

By : Nimish Agarwal.  … are those which are neither designed nor intended to transfer information at all.  … are based on "transmission by storage into.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Design of the multi-level security network switch system which restricts covert channel Conference: Communication Software and Networks (ICCSN), 2011 IEEE.

Design of the multi-level security network switch system which restricts covert channel Conference: Communication Software and Networks (ICCSN), 2011 IEEE.
G53SEC 1 Reference Monitors Enforcement of Access Control.

G53SEC 1 Reference Monitors Enforcement of Access Control.
Issues Relevant To Distributed Security CSC 8320 Nidhi Gahlot.

Issues Relevant To Distributed Security CSC 8320 Nidhi Gahlot.
1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.

1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.
Dan Fleck CS 469: Security Engineering

Dan Fleck CS 469: Security Engineering
© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.

© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.
Military Technical Academy Bucharest, 2004 GETTING ACCESS TO THE GRID Authentication, Authorization and Delegation ADINA RIPOSAN Applied Information Technology.

Military Technical Academy Bucharest, 2004 GETTING ACCESS TO THE GRID Authentication, Authorization and Delegation ADINA RIPOSAN Applied Information Technology.
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Information Flow Control Language and System Level.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Information Flow Control Language and System Level.
思科网络技术学院理事会. 1 Living in a Network Centric World Network Fundamentals – Chapter 1.

思科网络技术学院理事会. 1 Living in a Network Centric World Network Fundamentals – Chapter 1.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Chap1: Is there a Security Problem in Computing?.

Chap1: Is there a Security Problem in Computing?.

Similar presentations

Ads by Google