Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protection and Security

Published byValentín Moreno Hernández Modified over 6 years ago

Similar presentations

Presentation on theme: "Protection and Security"— Presentation transcript:

1 Protection and Security
An overview of basic principles

2 Protection and Security
Issues: authentication: verifying a claim of identity authorization: verifying a claim of permission audit: verifying the (non)occurrence of previous actions Authentication Authorization Audit (Au = gold) aka: AAA Reference Monitor Model From: “Computer Security in the Real World”, Lampson, 2004. CS 5204 – Fall, 2008

3 Security Goals and Principles
integrity - modification only by authorized parties confidentiality - access only by authorized parties non-repudiation - inability to disclaim authorship authenticity - verifiability of source availability - continuous access by authorized parties Principles: least privilege - minimization of rights separation of duties (by task, by person) economy of mechanism - simplest means of enforcement acceptability – adoptable/usable by user community complete mediation - universal enforcement of control open design - secrecy of enforcement mechanisms is not important CS 5204 – Fall, 2008

4 Elements of a Secure System
Specification/Policy secrecy integrity availability accountability Implementation/Mechanism isolation (impractical) exclusion (code signing, firewalls) restriction (sandboxing) recovery punishment Correctness/Assurance trusted computing base defense in depth usability theory From: “Computer Security in the Real World”, Lampson, 2004. CS 5204 – Fall, 2008

5 s Access Matrix Access Matrix Model Objects Subjects P[s,o] o
CS 5204 – Fall, 2008

6 Access Matrix objects subjects CS 5204 – Fall, 2008

7 Manipulating the Access Matrix
CS 5204 – Fall, 2008

8 Capability Lists s1 s2 s3 s1 s2 s3 grouped by subject Capability Lists
CS 5204 – Fall, 2008

9 Access Control Lists O1 O2 O3 s1 s2 s3 O1 O2 O3 Grouped by object
(s3, r5) (s1, r1) (s2, r3) (s1, r2) (s2, r4) Access Control Lists CS 5204 – Fall, 2008

10 Role-Based Access Control (RBAC)
grouped by multiple subjects Role1 s3 s2 s4 s5 s1 Role2 Role1 (r4,O3) (r1,O1) (r2,O2) Role2 (r3,O2) Role assignment Privilege assignment CS 5204 – Fall, 2008

11 Role-Based Access Control (RBAC)
Roles model particular jobs or duties in an organization Single user may play multiple roles at the same or different times Multiple users may play the same role at the same or different times The user-role assignment may be made separately from the role-permission assignment CS 5204 – Fall, 2008

12 Classes, Levels, Domains
r1 r1 r1 s2 r1 r3 r1 s3 r2 r2 r3 r3 Grouped by multiple objects O1 & O2 O3 & O5 O4 (s3, r2) (s1, r1) (s3, r3) (s2, r1) (s2, r3) (s1, r1) classes, levels, domains CS 5204 – Fall, 2008

13 Bell­LaPadula Model classification clearance level n w i level i r,w
objects r subject level 1 *-property CS 5204 – Fall, 2008

14 objects are associated
Lock and Key Method subjects possess a set of keys: Key Key (O, k) Lock (k, {r 1 , r 2 ,...}) objects are associated with a set of locks CS 5204 – Fall, 2008

15 1. need copy bit/count for control 2. need reference count
Comparison of methods Capability list Access Control List Locks & Keys propagation 1 3 1 review 4 revocation 4 reclamation 2 1. need copy bit/count for control 2. need reference count 3. need user/hierarchical control 4. need to know subject­key mapping CS 5204 – Fall, 2008

16 Task-based Access Control (TBAC)
R.K. Thomas and R.S. Sandhu, “Task-based Authorization Controls (TBAC): A Family of Model for Active and Enterprise-oriented Authorization Management.” CS 5204 – Fall, 2008

17 Team-based Access Control
W. Tolone, G. Ahn, T. Pai, “Access Control in Collaborative Systems.” CS 5204 – Fall, 2008

Download ppt "Protection and Security"

Similar presentations

Operating System Security

Operating System Security
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.

Lakshmi Narayana Gupta Kollepara 10/26/2009 CSC-8320.
Access Control RBAC Database Activity Monitoring.

Access Control RBAC Database Activity Monitoring.
Access Control Methodologies

Access Control Methodologies
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Chapter 2.  CIA Model  Host Security VS Network Security  Least Privileges  Layered Security  Access Controls Prepared by Mohammed Saher2.

Chapter 2.  CIA Model  Host Security VS Network Security  Least Privileges  Layered Security  Access Controls Prepared by Mohammed Saher2.
1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.

1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.
Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.

Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.

Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.

April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
User Domain Policies.

User Domain Policies.
Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.

Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.
Protection and Security An overview of basic principles CS5204 – Operating Systems1.

Protection and Security An overview of basic principles CS5204 – Operating Systems1.
Dr. Kalpakis CMSC 621, Advanced Operating Systems. Fall 2003 URL: Security & Protection.

Dr. Kalpakis CMSC 621, Advanced Operating Systems. Fall 2003 URL: Security & Protection.
CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.

CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.
Li Xiong CS573 Data Privacy and Security Access Control.

Li Xiong CS573 Data Privacy and Security Access Control.
Dr. Kalpakis CMSC 621, Advanced Operating Systems. Security & Protection.

Dr. Kalpakis CMSC 621, Advanced Operating Systems. Security & Protection.

Similar presentations

Ads by Google