Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Security Foundations

Published bySugiarto Sumadi Modified over 5 years ago

Similar presentations

Presentation on theme: "Computer Security Foundations"— Presentation transcript:

1 Computer Security Foundations
2/23/2019

2 Security How can one determine when a computer system is secure?
What does secure mean? 2/23/2019

3 Reminder In our model a computer system is represented by a family of
states: the set of all protection states P must be a subset of the set of authorized states Q if the system is to be secure. In the previous section we used a primitive, the ACM, to manage a protection system. Protection was in terms or rights and the ACM was the used to relate subjects to objects (also basic primitives). We also discussed protection state transitions and commands, which correspond to (cause) a sequence of state transitions. 2/23/2019

4 Security - definitions
Let R be the set of (primitive) rights of the system, r e R and A be the ACM. If r e R is added to an element of A not already containing r, then r is said to be leaked. Let s0 be the initial protection state. If a system can never leak r e R then the system is safe wrt r. 2/23/2019

5 Security – safe vs secure
We use the term safe to refer to the (abstract) model. Secure will be used when referring to implementations. So a secure implementations must be modeled on a safe system. Example: safe vs secure --see textbook 2/23/2019

6 Foundation theorems The model used is based on protection sates, the ACM and a set of commands –essentially the HRU model (discussed in the previous section). 2/23/2019

7 Theorem 1 There exists an algorithm that will determine whether a
given mono-operational protection system with initial protection state s0 is safe wrt a generic right. Proof: see textbook. This whole section is a project topic for anybody who is interested in the foundations aspect of Computer Sercurity. 2/23/2019

8 Theorem 2 It is undecidable whether a given state of a given
protection system is safe wrt a generic right. Proof --reduction to the halting problem. The proof is by contradiction. It is shown that an arbitrary Touring Machine can be reduced to the safety problem with the final state corresponding to the leaking of a right. For details see textbook. 2/23/2019

9 Theorem 3 The set of unsafe systems is recursively enumerable.
(accepted by a TM). So we can generate a list of all unsafe protection systems. 2/23/2019

10 The Take-Grant protection model
Can the safety of a protection system with specific rules be established? Answer: the Take-Grant protection model. This model is represented by a directed graph. Vertices are subjects “●” or objects “○”, or both “◙”. Edges are labeled by a set of rights, that the source has over the destination. R contains two distinguished rights: t (take) g (grant). 2/23/2019

11 Transitions: rewriting rules
Take rule Grant rule Create rule Remove rule Details –slides 2/23/2019

12 Theorem 1 Let G0 be a protection graph containing just one subject vertex and no edge and let R be a set of rights. Then G0├ G iff G is a finite directed acyclic graph with subjects and objects only, with edges labeled for non-empty subsets of R and at least one subject (a trusted entity) having no incoming edge. Proof in textbook. Discussion in class. 2/23/2019

13 Closing the Gap We can answer the safety question in specific
systems, but not for generic systems (eg. the HRU system). What characteristics distinguishes a model for which the safety problem is decidable from one in which it is undecidable? 2/23/2019

14 Closing the Gap The Schematic Protection Model (SPM)
The Extended Schematic Protection Model (ESPM) Typed Access Matrix Models (TAMS) 2/23/2019

15 The Schematic Protection Model (SPM)
This model is based on the notion of a protection type. This is a label that determines how control rights affect an entity. Rights are partitioned into sets of Inert rights (RI) and Control rights (RC) Inert rights do not alter the protection state of a system. For example reading a file does not modify which entities have access to the document: so is an RI. However in the Take-Grant model the take rule does, so is in RC. 2/23/2019

16 The Extended Schematic Protection Model (ESPM)
Implicit in the SPM is the assumption of a single parent. ESPM allows for more parents. This problem arises in distributed systems. Example Anne and Bill must cooperate to perform a certain task, but do not trust each other. Such tasks may be achieved by using proxies: each create a proxy, and grants the other’s proxy only those rights that are needed to perform the task. 2/23/2019

17 Typed Access Matrix models (TAMS)
The safety properties of SPM and ESPM are implicitly based on types. The TAM model is adds the notion of type explicitly. The type of an entity is fixed when the entity is created. A protection state of a system is defined as: (S, O,t, A) where, S = set of subjects , O = set of objects, A = the Acess Control Matrix, T the set of types and t : O →T For details see textbook. 2/23/2019

Download ppt "Computer Security Foundations"

Similar presentations

Recognising Languages We will tackle the problem of defining languages by considering how we could recognise them. Problem: Is there a method of recognising.

Recognising Languages We will tackle the problem of defining languages by considering how we could recognise them. Problem: Is there a method of recognising.
Variants of Turing machines

Variants of Turing machines
Lecture 24 MAS 714 Hartmut Klauck

Lecture 24 MAS 714 Hartmut Klauck
CSCI 4325 / 6339 Theory of Computation Zhixiang Chen Department of Computer Science University of Texas-Pan American.

CSCI 4325 / 6339 Theory of Computation Zhixiang Chen Department of Computer Science University of Texas-Pan American.
1 1 -Access Control - 2 - Foundational Results. 2 2 Preliminaries Undecidability The Halting Problem The Turing Machine.

1 1 -Access Control Foundational Results. 2 2 Preliminaries Undecidability The Halting Problem The Turing Machine.
Computability and Complexity 5-1 Classifying Problems Computability and Complexity Andrei Bulatov.

Computability and Complexity 5-1 Classifying Problems Computability and Complexity Andrei Bulatov.
1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.
1 Introduction to Computability Theory Lecture15: Reductions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture15: Reductions Prof. Amos Israeli.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
Fall 2004COMP 3351 Undecidable problems for Recursively enumerable languages continued…

Fall 2004COMP 3351 Undecidable problems for Recursively enumerable languages continued…
July 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result.

July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result.
1 Undecidability Andreas Klappenecker [based on slides by Prof. Welch]

1 Undecidability Andreas Klappenecker [based on slides by Prof. Welch]
April 13, 2004ECS 235Slide #1 Expressive Power How do the sets of systems that models can describe compare? –If HRU equivalent to SPM, SPM provides more.

April 13, 2004ECS 235Slide #1 Expressive Power How do the sets of systems that models can describe compare? –If HRU equivalent to SPM, SPM provides more.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.
Fall 2004COMP 3351 Reducibility. Fall 2004COMP 3352 Problem is reduced to problem If we can solve problem then we can solve problem.

Fall 2004COMP 3351 Reducibility. Fall 2004COMP 3352 Problem is reduced to problem If we can solve problem then we can solve problem.
Courtesy Costas Busch - RPI1 Reducibility. Courtesy Costas Busch - RPI2 Problem is reduced to problem If we can solve problem then we can solve problem.

Courtesy Costas Busch - RPI1 Reducibility. Courtesy Costas Busch - RPI2 Problem is reduced to problem If we can solve problem then we can solve problem.
CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.
1 Introduction to Computability Theory Lecture11: The Halting Problem Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture11: The Halting Problem Prof. Amos Israeli.
1 Reducibility. 2 Problem is reduced to problem If we can solve problem then we can solve problem.

1 Reducibility. 2 Problem is reduced to problem If we can solve problem then we can solve problem.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.

1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.

Similar presentations

Ads by Google