Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 7: Hybrid Policies

Published byStina Simonsen Modified over 4 years ago

Similar presentations

Presentation on theme: "Chapter 7: Hybrid Policies"— Presentation transcript:

1 Chapter 7: Hybrid Policies
7.1 Chinese Wall Model 7.2 Clinical Information System Security Policy 7.3 Originator Controlled Access Control 7.4 Role-Based Access Control

2 Chinese Wall Model A model of a security policy that refers equally to confidentiality and integrity; Most natural environment: stock exchange, investment house; Goal: prevent a conflict of interest in business, when a trader represents two clients;

3 Chinese Wall Model Problem:
Tony advises Bank of America about investments He is asked to advise CitiBank about investments Conflict of interest to accept, because his advice for either bank would affect his advice to the other bank

4 Definitions Object O: items of information related to a company
Company dataset (CD): contains objects related to a single company CD(O): the company dataset that contains object O; Conflict of interest class (COI): contains datasets of companies in competition COI(O): the COI class that contains object O; Assume: each object belongs to exactly one COI class

5 Example COI Class

6 Temporal Element If Anthony reads any CD in a COI, he can never read another CD in that COI Possible that information learned earlier may allow him to make decisions later Let PR(S) be set of objects that S has already read

7 CW-Simple Security Condition (preliminary version)
s can read o iff either condition holds: There is an o such that s has accessed o and CD(o) = CD(o) Meaning s has read something in o’s dataset For all o  O, o  PR(s)  COI(o) ≠ COI(o) Meaning s has not read any objects in o’s conflict of interest class Initially, PR(s) = , so initial read request granted November 1, 2004 Introduction to Computer Security ©2004 Matt Bishop

8 Two Consequences COI Class
Once a subject reads any object in a COI class, the only other objects in that COI class that the subject can read are in the same CD as the read object; The minimum number of subjects needed to access every object in a COI class is the same as the number of CDs in that COI class;

9 Sanitization Public information may belong to a CD
As is publicly available, no conflicts of interest arise So, should not affect ability of analysts to read Typically, all sensitive data removed from such information before it is released publicly (called sanitization) Add third condition to CW-Simple Security Condition: 3. o is a sanitized object

10 CW-Simple Security Condition
s can read o iff either condition holds: There is an o such that s has accessed o and CD(o) = CD(o) Meaning s has read something in o’s dataset For all o  O, o  PR(s)  COI(o) ≠ COI(o) Meaning s has not read any objects in o’s conflict of interest class o is a sanitized object November 1, 2004 Introduction to Computer Security ©2004 Matt Bishop

11 Writing Anthony Susan Anthony, Susan work in same trading house
Anthony can read Bank 1’s CD, Gas’ CD Susan can read Bank 2’s CD, Gas’ CD If Anthony could write to Gas’ CD, Susan can read it Hence, indirectly, she can read information from Bank 1’s CD, a clear conflict of interest Anthony Susan Bank 1 Gas Bank 2

12 CW-*-Property s can write to o iff both of the following hold:
The CW-simple security condition permits s to read o; and For all unsanitized objects o, if s can read o, then CD(o) = CD(o) Says that s can write to an object if all the (unsanitized) objects it can read are in the same dataset November 1, 2004 Introduction to Computer Security ©2004 Matt Bishop

13 ORCON Problem: organization creating document wants to control its dissemination

14 Requirements Subject s  S marks object o  O as ORCON on behalf of organization X. X allows o to be disclosed to subjects acting on behalf of organization Y with the following restrictions: o cannot be released to subjects acting on behalf of other organizations without X’s permission; and Any copies of o must have the same restrictions placed on it.

15 Role Based Access Control
Access depends on function, not identity

16 Definitions Role r: collection of job functions
trans(r): set of authorized transactions for r Active role of subject s: role s is currently in actr(s) Authorized roles of a subject s: set of roles s is authorized to assume authr(s) canexec(s, t) iff subject s can execute transaction t at current time November 1, 2004 Introduction to Computer Security ©2004 Matt Bishop

17 Axioms Let S be the set of subjects and T the set of transactions.
Rule of role assignment: (s  S)(t  T) [canexec(s, t)  actr(s) ≠ ]. If s can execute a transaction, it has a role This ties transactions to roles Rule of role authorization: (s  S) [actr(s)  authr(s)]. Subject must be authorized to assume an active role (otherwise, any subject could assume any role)

18 Axiom Rule of transaction authorization:
(s  S)(t  T)[canexec(s, t)  t  trans(actr(s))]. If a subject s can execute a transaction, then the transaction is an authorized one for the role s has assumed

19 Separation of Duty Let r be a role, and let s be a subject such that r  auth(s). Then the predicate meauth(r) (for mutually exclusive authorizations) is the set of roles that s cannot assume because of the separation of duty requirement. Separation of duty: (r1, r2  R) [ r2  meauth(r1)  [ (s  S) [ r1 authr(s)  r2  authr(s) ] ] ]

Download ppt "Chapter 7: Hybrid Policies"

Similar presentations

Multilevel Security (MLS) Database Security and Auditing.

Multilevel Security (MLS) Database Security and Auditing.
1 cs691 chow Hybrid Policies CS691 – Chapter 7 of Matt Bishop.

1 cs691 chow Hybrid Policies CS691 – Chapter 7 of Matt Bishop.
1 ISA 662 Information System Security Hybrid Policies Chapter 6 from Bishop ’ s book.

1 ISA 662 Information System Security Hybrid Policies Chapter 6 from Bishop ’ s book.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #7-1 Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #7-1 Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.

RBAC and Usage Control System Security. Role Based Access Control Enterprises organise employees in different roles RBAC maps roles to access rights After.
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.

Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.

Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.

Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.

Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.

Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #7-1 Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #7-1 Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information.
May 4, 2004ECS 235Slide #1 Biba Integrity Model Basis for all 3 models: Set of subjects S, objects O, integrity levels I, relation ≤  I  I holding when.

May 4, 2004ECS 235Slide #1 Biba Integrity Model Basis for all 3 models: Set of subjects S, objects O, integrity levels I, relation ≤  I  I holding when.
Chinese wall model in the internet Environment

Chinese wall model in the internet Environment
Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 October 7, 2004 Introduction to Computer Security Lecture.

Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 October 7, 2004 Introduction to Computer Security Lecture.
1 Hybrid Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 23, 2004.

1 Hybrid Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 23, 2004.
Computer Security Hybrid Policies

Computer Security Hybrid Policies
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
The top ten signs that your classmate is a computer hacker 10. You ticked him off once and your next phone bill was $20,000. 9. He's won the Publisher's.

The top ten signs that your classmate is a computer hacker 10. You ticked him off once and your next phone bill was $20, He's won the Publisher's.

Similar presentations

Ads by Google