
1 Guest Lecture in Acc 661 (Spring 2007) Instructor: Christopher Brown
Security Modeling
Jagdish S. Gangolly
2/22/2019

2 Security Modeling and Information Assurance
Security modeling lies at the heart of Information Assurance, whose objective is to ensure:
Confidentiality
Integrity
Availability

3 Security Modeling and Information Assurance
At a high level, an operating system is an accounting system: it monitors and maintains the information indispensable for ensuring the three objectives of Information Assurance.

4 Designing Trusted Operating Systems
An OS is trusted if we have confidence that it provides the following four services in a consistent and effective way:
Memory protection
File protection
General object access control
User authentication

5 Trusted vs. Secure Systems
Secure                                     | Trusted
Either-or                                  | Graded
Property of presenter/developer            | Property of receiver/user
Asserted based on product characteristics  | Judged based on evidence & analysis
Absolute                                   | Relative
A goal                                     | A characteristic

6 Security Policies I
Military security policy
Ranks: Top Secret, Secret, Confidential, Restricted, Unclassified
Compartment: contains information associated with a project
The combination <rank, compartments> is called a class or classification of the information
A person seeking access to information must be cleared for it

7 Security Policies II
Dominance: for subject s and object o,
  s ≤ o  if and only if  rank(s) ≤ rank(o) and compartments(s) ⊆ compartments(o)
We then say that o dominates s.

8 Security Policies III
A subject can read an object only if:
The clearance level of the subject is at least as high as the classification level of the information
The subject has a need to know about all compartments for which the information is classified
The security officer controls clearances and classifications

9 Security Modeling I
Models of Confidentiality: the Bell-La Padula Model
Elements: subjects, objects, a set of access operations, a set of security levels, a security clearance C(s) for each subject s, a security classification C(o) for each object o, and an access control matrix. Below, ≤ is the dominance relation of slide 7 applied to these classes.
ss-property (simple security property, "no read up"): a subject s may have read access to an object o only if C(o) ≤ C(s).
*-property ("no write down"): a subject s that has read access to an object o may have write access to an object p only if C(o) ≤ C(p).
ds-property (discretionary security property): the access control matrix. The Orange Book (TCSEC) defines discretionary access control as "a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control)."
A state is secure if all three properties are satisfied.
Basic Security Theorem: if the initial state is secure and every state transition is secure, then all subsequent states are secure, no matter what inputs occur.
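As an added example (not part of the lecture), the following Python reference monitor encodes the military lattice of slides 6-7 and the three Bell-La Padula properties as stated above. The ranks, compartments, the subjects alice and bob, the objects plan, memo and log, and the access-control-matrix entries are all constructed for illustration.

```python
# Added example: a toy Bell-La Padula reference monitor.  The lattice follows
# the military policy on the slides (rank + compartments); all subjects,
# objects and matrix entries below are constructed, not from the lecture.
from dataclasses import dataclass

RANKS = {"Unclassified": 0, "Restricted": 1, "Confidential": 2,
         "Secret": 3, "Top Secret": 4}


@dataclass(frozen=True)
class Label:
    """A class <rank, compartments>, used both for clearances and classifications."""
    rank: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        # Slide 7: other <= self iff rank(other) <= rank(self) and
        # compartments(other) is a subset of compartments(self).
        return (RANKS[self.rank] >= RANKS[other.rank]
                and self.compartments >= other.compartments)


# Clearances (subjects) and classifications (objects).
clearance = {
    "alice": Label("Secret", frozenset({"crypto", "nuclear"})),
    "bob":   Label("Confidential", frozenset({"crypto"})),
}
classification = {
    "plan": Label("Secret", frozenset({"nuclear"})),
    "memo": Label("Confidential"),
    "log":  Label("Unclassified"),
}

# Access control matrix for the ds-property.  Owners may extend it through
# grant(); the mandatory checks below still apply to whatever it contains.
acm = {
    ("alice", "plan"): {"read"},
    ("alice", "memo"): {"read", "write"},
    ("bob", "plan"):   {"read", "write"},
    ("bob", "memo"):   {"read"},
}


def grant(subject, obj, right):
    """Discretionary sharing: passing a permission on (ds-property)."""
    acm.setdefault((subject, obj), set()).add(right)


def may_read(s, o):
    # ds-property: the discretionary matrix must allow it ...
    if "read" not in acm.get((s, o), set()):
        return False
    # ... and ss-property (no read up): C(o) <= C(s).
    return clearance[s].dominates(classification[o])


def may_write(s, p):
    if "write" not in acm.get((s, p), set()):
        return False
    # *-property (no write down) as stated on the slide: for every object o
    # that s can read, C(o) <= C(p); otherwise s could copy o's contents down.
    readable = [o for o in classification if may_read(s, o)]
    return all(classification[p].dominates(classification[o]) for o in readable)


if __name__ == "__main__":
    for s in clearance:
        for o in classification:
            print(f"{s:6} {o:5} read={may_read(s, o)!s:5} write={may_write(s, o)}")
```

Two outcomes are worth noticing when running it: bob holds a discretionary write right on the Secret plan and the *-property lets that "blind" write up through, while alice, who can read the Secret plan, is refused a write to the Confidential memo even though the matrix grants it. A later grant() of write on an Unclassified object to alice changes nothing, which is the sense in which the ds-property is subordinate to the mandatory rules.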

10 Security Modeling II
Biba Integrity Model
Simple integrity property: a subject can modify an object only if the integrity classification of the subject dominates that of the object.
Integrity *-property: if a subject has read access to an object o, then it can have write access to an object p only if the integrity classification of o dominates that of p.
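An added example, not from the lecture, showing the two Biba properties exactly as the slide states them. Because the *-property depends on what a subject has already read, the monitor has to remember reads; the integrity levels, the subjects auditor, clerk and web_form, and the objects ledger, draft_report and inbox are constructed for illustration.

```python
# Added example: a toy Biba monitor implementing the two properties as the
# slide states them.  Integrity levels, subjects and objects are constructed
# for illustration and are not from the lecture.
INTEGRITY = {"low": 0, "medium": 1, "high": 2}

# One integrity classification per subject and per object.
integrity_of = {
    "auditor": "high", "clerk": "medium", "web_form": "low",      # subjects
    "ledger": "high", "draft_report": "medium", "inbox": "low",   # objects
}


def dominates(a, b):
    """Integrity classification of a is at least that of b."""
    return INTEGRITY[integrity_of[a]] >= INTEGRITY[integrity_of[b]]


class BibaMonitor:
    """Records what each subject has read so the integrity *-property can be
    enforced on later writes.  The slide states no read restriction, so reads
    are always granted here, but they taint the subject."""

    def __init__(self):
        self.has_read = {}   # subject -> set of objects it has read

    def read(self, s, o):
        self.has_read.setdefault(s, set()).add(o)
        return True

    def write(self, s, p):
        # Simple integrity property: I(s) must dominate I(p).
        if not dominates(s, p):
            return False
        # Integrity *-property: for every o that s has read, I(o) must dominate
        # I(p); otherwise low-integrity data s has seen could be laundered into p.
        return all(dominates(o, p) for o in self.has_read.get(s, set()))


if __name__ == "__main__":
    m = BibaMonitor()
    print(m.write("clerk", "draft_report"))   # allowed
    m.read("clerk", "inbox")                  # clerk now carries low-integrity input
    print(m.write("clerk", "draft_report"))   # denied by the *-property
```

The dual of the Bell-La Padula picture is visible in the run: the same clerk who could write the draft report a moment ago loses that ability after reading the low-integrity inbox, while a high-integrity auditor may always write down into it.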

11 Security Modeling III
Harrison-Ruzzo-Ullman Model
Building blocks: commands, conditions, primitive operations.
Protection system: subjects, objects, rights, commands.
If every command is restricted to a single primitive operation (a mono-operational system), it is possible to decide whether a given subject can ever obtain a given right to an object.
If commands are not restricted to one operation each, it is not always decidable whether a given protection system can confer a given right: the safety question is undecidable in general.
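As an added example (not from the lecture), here is a miniature HRU protection system in Python: an access matrix, the primitive operations enter and delete, three commands with conditions, and a breadth-first search that answers the safety question for a concrete matrix. The subjects alice, bob and carol, the single object file, the rights own/read/write and the commands confer_read, grant_write and transfer_own are constructed for illustration.

```python
# Added example: a miniature HRU protection system and a search over its
# reachable states for the safety question "can subject s ever obtain right r
# on object o?".  Subjects, objects, rights, commands and the initial matrix
# are constructed for illustration; they are not from the lecture.
from collections import deque
from itertools import product

# The access matrix is a set of (subject, object, right) triples, which makes
# the two primitive operations we need trivial and every state hashable.
SUBJECTS = ("alice", "bob", "carol")
OBJECTS = ("file",)


def initial_state():
    return frozenset({("alice", "file", "own")})


def enter(m, r, s, o):
    return m | {(s, o, r)}


def delete(m, r, s, o):
    return m - {(s, o, r)}


# Commands: a condition on the matrix followed by a body of primitive
# operations.  Each returns the new matrix, or None when the condition fails.
def confer_read(m, owner, friend, f):
    """Mono-operational: one enter."""
    if (owner, f, "own") in m:
        return enter(m, "read", friend, f)
    return None


def grant_write(m, owner, friend, f):
    """Mono-operational, but with a conjunctive condition."""
    if (owner, f, "own") in m and (friend, f, "read") in m:
        return enter(m, "write", friend, f)
    return None


def transfer_own(m, old, new, f):
    """Two primitive operations in one command: not mono-operational."""
    if (old, f, "own") in m:
        return enter(delete(m, "own", old, f), "own", new, f)
    return None


COMMANDS = (confer_read, grant_write, transfer_own)


def leak_path(start, s, o, r):
    """Breadth-first search over reachable matrices.  Returns the shortest
    command sequence that places r in cell (s, o), or None if unreachable.
    The search terminates only because no command here creates subjects or
    objects, so the set of states is finite.  For mono-operational systems
    the HRU result keeps the question decidable even with creates; for
    general commands no procedure can decide it on every system."""
    if (s, o, r) in start:
        return []
    seen = {start}
    queue = deque([(start, [])])
    while queue:
        m, path = queue.popleft()
        for cmd in COMMANDS:
            for a, b, f in product(SUBJECTS, SUBJECTS, OBJECTS):
                nxt = cmd(m, a, b, f)
                if nxt is None or nxt in seen:
                    continue
                step = path + [f"{cmd.__name__}({a}, {b}, {f})"]
                if (s, o, r) in nxt:
                    return step
                seen.add(nxt)
                queue.append((nxt, step))
    return None


if __name__ == "__main__":
    m0 = initial_state()
    print(leak_path(m0, "carol", "file", "write"))    # two-step leak
    print(leak_path(m0, "carol", "file", "execute"))  # None: never conferred
```

The returned path is the "witness" a safety analysis wants: for carol to gain write on file, an owner must first confer read and then grant write, while a right no command ever enters (execute here) is reported unreachable after the finite state space is exhausted.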

12 Security Modeling IV
Clark-Wilson Commercial Security Policy
Well-formed transaction
Separation of duty
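An added example, not from the lecture, of the two Clark-Wilson ideas on this slide applied to a small ledger: users reach the constrained data only through certified, well-formed transformation procedures, an integrity verification procedure confirms the books still balance afterwards, and separation of duty stops the person who entered a payment from approving it. The accounts, the users clerk, manager and auditor, the two TPs and the authorization table are constructed for illustration.

```python
# Added example: a miniature Clark-Wilson enforcement layer for a small
# ledger.  The CDIs, transformation procedures (TPs), users and authorization
# table are constructed for illustration and are not from the lecture.
from dataclasses import dataclass, field


class Violation(Exception):
    """Raised by a TP or by the monitor when a rule would be broken."""


@dataclass
class Ledger:
    """Constrained data items: account balances plus entries awaiting approval."""
    balances: dict = field(default_factory=lambda: {"cash": 1000, "expenses": 0})
    pending: dict = field(default_factory=dict)   # id -> (src, dst, amount, entered_by)
    next_id: int = 1

    def ivp(self):
        """Integrity verification procedure: postings move money between
        accounts, so the total must always equal the opening total."""
        return sum(self.balances.values()) == 1000


# Well-formed transactions: the only procedures allowed to touch the CDIs.
def enter_payment(ledger, user, src, dst, amount):
    if amount <= 0 or src not in ledger.balances or dst not in ledger.balances:
        raise Violation("malformed entry")
    pid = ledger.next_id
    ledger.next_id += 1
    ledger.pending[pid] = (src, dst, amount, user)
    return pid


def approve_payment(ledger, user, pid):
    if pid not in ledger.pending:
        raise Violation("no such pending entry")
    src, dst, amount, entered_by = ledger.pending[pid]
    # Separation of duty: whoever entered the payment may not approve it.
    if entered_by == user:
        raise Violation("separation of duty: cannot approve own entry")
    if ledger.balances[src] < amount:
        raise Violation("insufficient funds")
    # Both legs are posted together, so the IVP holds after the TP.
    ledger.balances[src] -= amount
    ledger.balances[dst] += amount
    del ledger.pending[pid]
    return True


# Certification data (constructed): the TPs certified for this CDI, and
# which user may run which TP.
TPS = {"enter_payment": enter_payment, "approve_payment": approve_payment}
AUTHORIZED = {
    "clerk":   {"enter_payment"},
    "manager": {"enter_payment", "approve_payment"},
    "auditor": set(),                      # may run the IVP, not TPs
}
LOG = []   # append-only audit trail of every TP run


def run_tp(ledger, user, tp_name, *args):
    """Enforcement: users reach CDIs only through certified TPs they are
    authorized for, and the CDIs must be consistent afterwards.
    Returns (True, result) or (False, reason)."""
    try:
        if tp_name not in TPS:
            raise Violation(f"{tp_name} is not a certified TP")
        if tp_name not in AUTHORIZED.get(user, set()):
            raise Violation(f"{user} is not authorized to run {tp_name}")
        result = TPS[tp_name](ledger, user, *args)
        if not ledger.ivp():
            raise Violation("TP left the CDIs inconsistent")
        LOG.append((user, tp_name, args))
        return True, result
    except Violation as e:
        return False, str(e)
```

In practice the point of routing everything through run_tp is that an uncertified procedure (say, a direct balance adjustment) is refused before it runs, an authorized user is still refused when the TP's own separation-of-duty check fires, and every accepted TP leaves an audit record, which is what lets the books be reconciled later.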

13 Security Features of Trusted Operating Systems
User identification & authentication
Mandatory access control
Discretionary access control
Object reuse protection (against leakage through data remanence)
Complete mediation
Trusted path
Audit
Audit log reduction
Intrusion detection

14 Orange Book (TCSEC)
D: minimal protection
C1/C2/B1: require security features common to commercial operating systems
  Windows NT/2000: C2
  Solaris: C2; Trusted Solaris: B1
B2: requires a precise proof of security of the underlying model and a narrative specification of the trusted computing base
B3/A1: require more precisely proven descriptive and formal designs of the trusted computing base

