Published by Heriberto Banks. Modified over 9 years ago.
1
Special systems: MLS. Multilevel security [“Red book” US-DOD 1987] considers the assurance risk when composing multilevel secure systems evaluated under security evaluation criteria. Analyzing the security of interoperating and individually secure systems can be done in polynomial time. Given a non-secure network configuration, reconfiguring the connections in an optimal way (to minimize the impact on interoperability) is NP.
2
Multilevel Security (MLS) [Bell LaPadula Model]. Security levels L define the classification of subjects (processes) and objects, e.g. Unclassified, Secret, Top-Secret. Policy: lattice of security levels (L,<=), where x<=y means level x information may flow to level y. Unclassified < Secret < Top-Secret
3
Evaluation Criteria [“Orange” & “Red” Books]. MLS systems assured to different levels of assurance based on evaluation criteria: (worst) D<C1<C2<C3<B1<B2<B3<A1 (best). Evaluated systems must meet minimum risk requirements. Systems storing high-risk combinations of data need high levels of assurance.
System stores | Minimum assurance
topsecret+unclassified | B3
topsecret+secret | B2
secret+unclassified | B1
4
Configuring MLS Networks: Channel Cascade Attacks. [Figure: three connected systems A, B and C; level labels TS, S, U; assurance labels B2, B1, B3] Each evaluated system meets criteria. However, the network has cascading risk: the attacker breaks system A, copies TS data to S, copies this data from system A to B to C, breaks system C, copies S(TS) data to U. B3 assurance is required when protecting TS and U, but the cascade attack breaks B2 and lower systems.
5
Modeling MLS networks: Strategy. effort((s,l),(s’,l’)): the minimum effort required to compromise the network and copy/downgrade level l information held on system s to level l’ on system s’. Cascade problem if there exist s, s’ and l, l’ such that effort((s,l),(s’,l’)) < system-assurance. [Figure: systems A, B and C; level labels TS, S, U; assurance labels B1, B2, B3]
6
Modeling MLS networks: Strategy (using Constraints). Systems as flow-constraints between the levels of data that they store. [Figure: systems A, B and C; level labels TS, S, U; assurance labels B1, B2, B3]
7
Modeling MLS networks: Strategy (using Constraints). Systems as flow-constraints between the levels of data that they store. Networks as flow-constraints that represent the channels that connect systems. [Figure: systems A, B and C; level labels TS, S, U; assurance labels B1, B2, B3]
8
Modeling MLS networks: Strategy (using Constraints). Systems as flow-constraints between the levels of data that they store. Networks as flow-constraints that represent the channels that connect systems. Soft constraint semi-ring as assurance levels. [Figure: systems A, B and C; level labels TS, S, U; assurance labels B1, B2, B3; constraint values 3, 1, 3, 2, 0, 0]
9
Modeling MLS networks: Strategy (using Constraints). Systems as flow-constraints between the levels of data that they store. Networks as flow-constraints that represent the channels that connect systems. Soft constraint semi-ring as assurance levels. Cascade Detection: finding cascades. [Figure: systems A, B and C; level labels TS, S, U; assurance labels B1, B2, B3; constraint values 3, 2, 0, 3]
10
Modeling MLS networks: Strategy (using Constraints). Systems as flow-constraints between the levels of data that they store. Networks as flow-constraints that represent the channels that connect systems. Soft constraint semi-ring as assurance levels. Cascade Detection: finding cascades. [Figure: systems A, B and C; level labels TS, S, U; assurance labels B1, B2, B3; constraint values 1, 2, 0, 0, 3]
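The cascade check described on the modeling slides, as an added example that is not part of the presentation: each (system, level) pair is a node, a downgrade inside a system costs that system's rating, channels cost 0, and effort is the minimum over paths of the maximum cost on the path. The numeric encoding B1=1, B2=2, B3=3, the bidirectional channels and the sample network are assumptions constructed for illustration.

```python
import heapq
from itertools import product

LEVEL = {"U": 0, "S": 1, "TS": 2}        # lattice order from the slides
RATING = {"B1": 1, "B2": 2, "B3": 3}     # assumed numeric encoding of ratings
# Minimum assurance per (high, low) pair, from the Evaluation Criteria slide.
REQUIRED = {("TS", "U"): 3, ("TS", "S"): 2, ("S", "U"): 1}

def build_graph(systems, channels):
    """systems: {name: (rating, [levels])}; channels: [(sys, sys, level)]."""
    g = {}
    def edge(a, b, cost):
        g.setdefault(a, []).append((b, cost))
        g.setdefault(b, [])
    for name, (rating, levels) in systems.items():
        for lo, hi in product(levels, repeat=2):
            if LEVEL[lo] < LEVEL[hi]:
                edge((name, lo), (name, hi), 0)               # permitted upward flow
                edge((name, hi), (name, lo), RATING[rating])  # downgrade: break the system
    for a, b, lvl in channels:            # assumed bidirectional, same-level channel
        edge((a, lvl), (b, lvl), 0)
        edge((b, lvl), (a, lvl), 0)
    return g

def effort(g, src, dst):
    """Minimum over all paths of the maximum edge cost on the path."""
    best, heap = {src: 0}, [(0, src)]
    while heap:
        cost, node = heapq.heappop(heap)
        if node == dst:
            return cost
        for nxt, w in g[node]:
            c = max(cost, w)
            if c < best.get(nxt, float("inf")):
                best[nxt] = c
                heapq.heappush(heap, (c, nxt))
    return float("inf")

def find_cascades(systems, channels):
    """Return (source, target, effort, required) where effort < required."""
    g = build_graph(systems, channels)
    out = []
    for src, dst in product(g, repeat=2):
        need = REQUIRED.get((src[1], dst[1]))
        if need is not None and (e := effort(g, src, dst)) < need:
            out.append((src, dst, e, need))
    return out

# Constructed sample network (not the slide's exact figure).
SYSTEMS = {"A": ("B2", ["TS", "S"]), "B": ("B3", ["S"]), "C": ("B1", ["S", "U"])}
CHANNELS = [("A", "B", "S"), ("B", "C", "S")]
```

On the sample network the only violation is TS on A reaching U on C with effort 2 against a required 3; dropping the B-C channel or raising C to B3 removes it.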
11
Ex1: Cascade Free Path. [Figure: network of systems A, B, C and D; level labels U, S, TS]
12
[Figure: Ex1 network of systems A, B, C and D (level labels U, S, TS; assurance labels B2, B1, B3) with constraint variables TsA, TdA, TsB, SdB, SsC, *1s, UdC, *1d]
13
Ex1: Cascade Free Path. [Figure: network of systems A, B, C and D; constraint variables TsA, TdA, TsB, SdB, SsC, *1s, UdC, *1d; path values 0 1 3 0 0 0 0] E = max({0,0,3,0,1,0,0}) = 3. Requirements R(TsA,SdB), R(TsA,UdC), R(TsA,*1d) [figure values 3 0 2]: R = max({2,3,0}) = 3.
14
Ex2: Cascading Path. [Figure: network of systems A, B, C and D; level labels U, S, TS]
15
[Figure: Ex2 network of systems A, B, C and D; level labels U, S, TS; assurance labels C2, B2, B1]
16
Ex2: Cascading Path. [Figure: network of systems A, B, C and D; constraint variables TsA, SsD, SsC, *1s, SdA, SdD, UdC, *1d; path values 2 1 0 0 0 0 0] E = max({2,0,0,0,1,0,0}) = 2. Requirements R(TsA,SdD), R(TsA,UdC), R(TsA,*1d) [figure values 2 0 3]: R = max({2,3,0}) = 3.
17
Conclusion: Secure interoperation is difficult! Remember: when you compose two secure systems you could obtain an insecure system! In real life: add communications only when really needed!
19
Questions? Thank you for your attention
20
Crisp toward soft constraints. P = {V, D, C, PC, con, def, a}. [Figure: constraint graph over variables x1, x2, x3, x4 (V); domains {red,blue,yellow}, {blue,yellow}, {red,blue}, {yellow} (D); C = {pairwise-different}; operations labelled combination and projection]
21
Crisp toward soft constraints. [Figure: constraint graph over variables x1, x2, x3, x4; domains {red,blue,yellow}, {blue,yellow}, {red,blue}, {yellow}; C = {pairwise-different}; costs 5$, 3$, 2$, 15$; Combination (+), Projection (min); results 15$, 13$] C-semiring: Probabilistic, Fuzzy, Classical, Weighted.
22
The Semiring Framework. A c-semiring is a tuple such that: A is the set of all consistency values and 0, 1 A. 0 is the lowest consistency value and 1 is the highest consistency value; +, the additive operator, is a closed, commutative, associative and idempotent operation such that 1 is its absorbing element and 0 is its unit element; ×, the multiplicative operator, is a closed and associative operation such that 0 is its absorbing element, 1 is its unit element and × distributes over +. Stefano Bistarelli, Ugo Montanari, and Francesca Rossi, Semiring-based Constraint Solving and Optimization, Journal of the ACM, 44(2):201–236, Mar 1997.
23
Semiring-based Constraints. Given a semiring, an ordered set of variables V over a finite domain D, a constraint is a function which maps an assignment of the variables in the support of c, supp(c), to an element of A. Notation c represents the constraint function c evaluated under instantiation , returning a semiring value. Given two constraints c1 and c2, their combination is defined as (c1 c2) = c1 × c2. The operation C represents the combination of a set of constraints C. a ≤ b iff a+b=b. c1 ⊑ c2 iff ∀ c1 ≤ c2. Stefano Bistarelli, Ugo Montanari and Francesca Rossi, Soft Concurrent Constraint Programming, Proceedings of ESOP-2002, LNCS, April 2002.