Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 4: Security Policies

Published byAksel Kjærgaard Modified over 4 years ago

Similar presentations

Presentation on theme: "Chapter 4: Security Policies"— Presentation transcript:

1 Chapter 4: Security Policies
4.2 Types of Security Policies 4.3 The Role of Trust 4.4 Types of Access Control Introduction to Computer Security ©2004 Matt Bishop

2 Security Policy Definition: a security policy is a statement that partitions system states into: Authorized (secure) These are states the system can enter Unauthorized (nonsecure) If the system enters any of these states, it’s a security violation

3 Secure System Definition: a secure system is a system
Starts in authorized state Never enters unauthorized state

4 Breach of Security t1 s1 s2 t4 s3 t5 s4 t2 t3 Definition: when a system enters an unauthorized state.

5 Definition 4-4: Confidentiality
X set of entities, I information I has confidentiality property with respect to X if no x  X can obtain information from I I can be disclosed to others Example: X set of students I final exam answer key I is confidential with respect to X if students cannot obtain final exam answer key

6 Definition 4-5: Integrity
X set of entities, I information I has integrity property with respect to X if all x  X trust information in I Types of integrity: trust I, its conveyance and protection (data integrity) I information about origin of something or an identity (origin integrity, authentication) I resource: means resource functions as it should (assurance)

7 Definition 4-6: Availability
X set of entities, I resource I has availability property with respect to X if all x  X can access I Types of availability: traditional: x gets access or not quality of service: promised a level of access (for example, a specific level of bandwidth) and not meet it, even though some access is achieved, e.g. service is not provided in a timely manner;

8 Definition 4-7: Mechanism
A security mechanism is an entity or procedure that enforces some part of the security policy; Example: Policy: the statement that no student may copy another student’s homework; Mechanism: file access control; set permission to prevent access to a particular file;

9 Types of Security Policies
Definition 4-9: Military (governmental) security policy Policy primarily protecting confidentiality; Example: information about a military mission; Definition 4-10: Commercial security policy Policy primarily protecting integrity Confidentiality: leak of customer account information; Integrity: modification of customer account balance;

10 Types of Security Policies
Definition 4-11: Confidentiality policy Policy protecting only confidentiality Definition 4-12: Integrity policy Policy protecting only integrity

11 Types of Access Control
Discretionary Access Control (DAC, IBAC) individual user sets access control mechanism to allow or deny access to an object Mandatory Access Control (MAC) system mechanism controls access to object, and individual cannot alter that access Originator Controlled Access Control (ORCON) originator (creator) of information controls who can access information Introduction to Computer Security ©2004 Matt Bishop

12 Types of Access Control
Discretionary Access Control (DAC, IBAC)

13 Types of Access Control
Mandatory Access Control (MAC) system mechanism controls access to object, and individual cannot alter that access

14 Types of Access Control
Originator Controlled Access Control (ORCON) originator (creator) of information controls who can access information; MicroSoft sold you a software: now you are the owner and MicroSoft is the Originator; You, as the owner, can not distribute the software to others; MicroSoft, the originator, decides who can access the software;

15 DAC vs ORCON Is the Owner the same as the Originator?
If yes, then it is DAC; If no, then it is ORCON; In other words, has the originator passed the data to another person? If the originator still owns the data, then it is DAC; otherwise, it is ORCON;

Download ppt "Chapter 4: Security Policies"

Similar presentations

Operating System Security

Operating System Security
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Access Control Methodologies

Access Control Methodologies
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.

1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.

Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.

Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.

Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
April 13, 2004ECS 235Slide #1 Expressive Power How do the sets of systems that models can describe compare? –If HRU equivalent to SPM, SPM provides more.

April 13, 2004ECS 235Slide #1 Expressive Power How do the sets of systems that models can describe compare? –If HRU equivalent to SPM, SPM provides more.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they.
July 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
1 Security Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 15, 2004.

1 Security Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 15, 2004.
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.

April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.
7/15/2015 7:56 AM Lecture 3: Policy James Hook CS 591: Introduction to Computer Security.

7/15/2015 7:56 AM Lecture 3: Policy James Hook CS 591: Introduction to Computer Security.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
C OMPUTER S ECURITY C ONCEPTS By: Qubilah D’souza 411109 TE computer.

C OMPUTER S ECURITY C ONCEPTS By: Qubilah D’souza TE computer.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.

1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.

Similar presentations

Ads by Google