
Special systems: MLS Multilevel security [“Red book” US-DOD 1987] Considers the assurance risk when composing multilevel secure systems evaluated under.


1 Special systems: MLS. Multilevel security [“Red book” US-DOD 1987]. Considers the assurance risk when composing multilevel secure systems evaluated under security evaluation criteria. Analyzing the security of interoperating and individually secure systems can be done in polynomial time. Given a non-secure network configuration, reconfiguring the connections in an optimal way (to minimize the impact on interoperability) is NP.

2 Multilevel Security (MLS) [Bell LaPadula Model]. Security levels L define the classification of subjects (processes) and objects, e.g., Unclassified, Secret, Top-Secret. Policy: lattice of security levels (L, <=), where x <= y means level x information may flow to level y. Unclassified < Secret < Top-Secret.

3 Evaluation Criteria [“Orange” & “Red” Books]. MLS systems assured to different levels of assurance based on evaluation criteria: (worst) D<C1<C2<C3<B1<B2<B3<A1 (best). Evaluated systems must meet minimum risk requirements. Systems storing high-risk combinations of data need high levels of assurance.

System Stores             Minimum Assurance
topsecret+unclassified    B3
topsecret+secret          B2
secret+unclassified       B1

4 Configuring MLS Networks: Channel Cascade Attacks. Each evaluated system meets criteria. However, the network has cascading risk: the attacker breaks system A, copies TS data to S, copies this data from System A to B to C, breaks system C, copies S(TS) data to U. B3 assurance is required when protecting TS and U, but the cascade attack breaks B2 and lower systems. [Figure: network of systems A, B and C holding data at levels TS, S and U, with assurance ratings B2, B1 and B3.]

5 Modeling MLS networks: Strategy. effort((s,l),(s’,l’)): the minimum effort required to compromise the network and copy/downgrade level l information held on system s to level l’ on system s’. Cascade problem if there exist s, s’ and l, l’ such that effort((s,l),(s’,l’)) < system-assurance. [Figure: network of systems A, B and C holding data at levels TS, S and U, with assurance ratings B1, B2 and B3.]
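An added example, not part of the original presentation: the cascade condition from slide 5 computed as a minimax path closure, which runs in polynomial time. It assumes B1, B2, B3 are encoded as 1, 2, 3, that a path's effort is the maximum of its steps (as in the E = max(...) calculations in the later examples), and that the sample network is constructed for illustration.

```python
from itertools import product

LEVELS = {"U": 0, "S": 1, "TS": 2}
# Slide-3 table with the assumed encoding B1=1, B2=2, B3=3.
REQUIRED = {("TS", "U"): 3, ("TS", "S"): 2, ("S", "U"): 1}
INF = float("inf")

def min_effort(systems, links):
    """systems: {name: (rating, [levels held])}; links: [(src, dst, level)].
    Returns eff[a][b]: least effort to move data from node a to node b, where
    a node is (system, level) and a path costs the maximum of its steps."""
    nodes = [(s, l) for s, (_, held) in systems.items() for l in held]
    eff = {a: {b: (0 if a == b else INF) for b in nodes} for a in nodes}
    for s, (rating, held) in systems.items():
        for hi, lo in product(held, repeat=2):
            if LEVELS[hi] > LEVELS[lo]:
                eff[(s, hi)][(s, lo)] = rating  # downgrade needs a break-in
                eff[(s, lo)][(s, hi)] = 0       # upward flow is permitted
    for src, dst, level in links:
        eff[(src, level)][(dst, level)] = 0     # channel copies at one level
    for k, i, j in product(nodes, repeat=3):    # minimax closure, k outermost
        eff[i][j] = min(eff[i][j], max(eff[i][k], eff[k][j]))
    return eff

def find_cascades(systems, links):
    """Return (source, target, effort, required) for every violated pair."""
    found = []
    for (s, l), row in min_effort(systems, links).items():
        for (s2, l2), effort in row.items():
            need = REQUIRED.get((l, l2))
            if need is not None and effort < need:
                found.append(((s, l), (s2, l2), effort, need))
    return sorted(found)

# Constructed network in the spirit of slide 4: A and C are individually
# adequate for what they store, yet TS can reach U for less than B3 effort.
SYSTEMS = {"A": (2, ["TS", "S"]), "B": (3, ["S"]), "C": (1, ["S", "U"])}
LINKS = [("A", "B", "S"), ("B", "C", "S")]

if __name__ == "__main__":
    for src, dst, effort, need in find_cascades(SYSTEMS, LINKS):
        print(f"cascade {src} -> {dst}: effort {effort} < required {need}")
```

Removing the B to C link, or raising A to B3, makes `find_cascades` return an empty list for this network.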

6 Modeling MLS networks: Strategy (using Constraints). Systems as flow-constraints between the levels of data that they store. [Figure: network of systems A, B and C holding data at levels TS, S and U, with assurance ratings B1, B2 and B3.]

7 Modeling MLS networks: Strategy (using Constraints). Systems as flow-constraints between the levels of data that they store. Networks as flow-constraints that represent the channels that connect systems. [Figure: the A, B, C network.]

8 Modeling MLS networks: Strategy (using Constraints). Systems as flow-constraints between the levels of data that they store. Networks as flow-constraints that represent the channels that connect systems. Soft constraint semi-ring as assurance levels. [Figure: the A, B, C network labelled with the values 3, 1, 3, 2, 0, 0.]

9 Modeling MLS networks: Strategy (using Constraints). Systems as flow-constraints between the levels of data that they store. Networks as flow-constraints that represent the channels that connect systems. Soft constraint semi-ring as assurance levels. Cascade Detection: finding cascades. [Figure: the A, B, C network labelled with the values 3, 2, 0, 3.]

10 Modeling MLS networks: Strategy (using Constraints). Systems as flow-constraints between the levels of data that they store. Networks as flow-constraints that represent the channels that connect systems. Soft constraint semi-ring as assurance levels. Cascade Detection: finding cascades. [Figure: the A, B, C network labelled with the values 1, 2, 0, 0, 3.]

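11 Ex1: Cascade Free Path. [Figure: network of systems A, B, C and D holding data at levels U, S and TS.]

12 Variables: TsA, TdA, TsB, SdB, SsC, *1s, UdC, *1d. [Figure: network of systems A, B, C and D holding data at levels U, S and TS; systems A and C with assurance ratings B2, B1 and B3.]

13 Ex1: Cascade Free Path. Variables: TsA, TdA, TsB, SdB, SsC, *1s, UdC, *1d. E = max({0,0,3,0,1,0,0}) = 3. R(TsA,SdB), R(TsA,UdC), R(TsA,*1d): R = max({2,3,0}) = 3. [Figure: network of systems A, B, C and D holding data at levels U, S and TS, labelled with the values 0130000 and 3, 0, 2.]

14 Ex2: Cascading Path. [Figure: network of systems A, B, C and D holding data at levels U, S and TS.]

15 [Figure: network of systems A, B, C and D holding data at levels U, S and TS; systems A, C and D with assurance ratings C2, B2 and B1.]

16 Ex2: Cascading Path. Variables: TsA, SsD, SsC, *1s, SdA, SdD, UdC, *1d. E = max({2,0,0,0,1,0,0}) = 2. R(TsA,SdD), R(TsA,UdC), R(TsA,*1d): R = max({2,3,0}) = 3. [Figure: network of systems A, B, C and D holding data at levels U, S and TS, labelled with the values 2100000 and 2, 0, 3.]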

17 Conclusion. Secure interoperation is difficult! Remember: when you compose two secure systems, you could obtain a system that is not secure! In real life: add communications only when really needed!

18

19 Questions? Thank you for your attention

20 Crisp toward soft constraints. P = {V, D, C, PC, con, def, a}. [Figure: variables x1, x2, x3, x4 (V) with domains {red,blue,yellow}, {blue,yellow}, {red,blue}, {yellow} (D); C = {pairwise-different}; operations: combination, projection.]

21 Crisp toward soft constraints. C-semiring: Probabilistic, Fuzzy, Classical, Weighted. Combination (+), Projection (min). [Figure: variables x1, x2, x3, x4 with domains {red,blue,yellow}, {blue,yellow}, {red,blue}, {yellow}; C = {pairwise-different}; costs 5$, 3$, 2$, 15$; results 15$, 13$.]

22 The Semiring Framework. A c-semiring is a tuple such that: A is the set of all consistency values and 0, 1  A. 0 is the lowest consistency value and 1 is the highest consistency value; +, the additive operator, is a closed, commutative, associative and idempotent operation such that 1 is its absorbing element and 0 is its unit element; ×, the multiplicative operator, is a closed and associative operation such that 0 is its absorbing element, 1 is its unit element and × distributes over +. Stefano Bistarelli, Ugo Montanari, and Francesca Rossi, Semiring-based Constraint Solving and Optimization, Journal of the ACM, 44(2):201–236, Mar 1997.

23 Semiring-based Constraints. Given a semiring, an ordered set of variables V over a finite domain D, a constraint is a function which maps an assignment  of the variables in the support of c, supp(c), to an element of A. Notation c  represents the constraint function c evaluated under instantiation , returning a semiring value. Given two constraints c1 and c2, their combination is defined as (c1  c2)  = c1  × c2 . The operation  C represents the combination of a set of constraints C. a ≤ b iff a+b=b. c1 ⊑ c2 iff ∀  c1  ≤ c2 . Stefano Bistarelli, Ugo Montanari and Francesca Rossi, Soft Concurrent Constraint Programming, Proceedings of ESOP-2002, LNCS, April 2002.
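An added example, not taken from the slides or the cited papers: the c-semiring axioms of slide 22 checked on sample values for the fuzzy and weighted instances, followed by the combination of constraints from slide 23. The class and function names, the assignment name `eta` and the two-variable colouring problem are constructed for illustration.

```python
from itertools import product

class CSemiring:
    """<A, +, x, 0, 1> given by its two operators and two constants."""
    def __init__(self, plus, times, zero, one):
        self.plus, self.times, self.zero, self.one = plus, times, zero, one

    def leq(self, a, b):
        """Induced order: a <= b iff a + b = b (b is at least as good)."""
        return self.plus(a, b) == b

    def axioms_hold(self, sample):
        """Check the slide-22 axioms on a finite sample of values from A."""
        p, t, z, o = self.plus, self.times, self.zero, self.one
        for a, b, c in product(sample, repeat=3):
            ok = (p(a, b) == p(b, a) and p(a, a) == a        # commutative, idempotent
                  and p(p(a, b), c) == p(a, p(b, c))         # + associative
                  and t(t(a, b), c) == t(a, t(b, c))         # x associative
                  and p(a, z) == a and p(a, o) == o          # 0 unit, 1 absorbing for +
                  and t(a, o) == a and t(a, z) == z          # 1 unit, 0 absorbing for x
                  and t(a, p(b, c)) == p(t(a, b), t(a, c)))  # x distributes over +
            if not ok:
                return False
        return True

FUZZY = CSemiring(max, min, 0.0, 1.0)
WEIGHTED = CSemiring(min, lambda a, b: a + b, float("inf"), 0)

def combine(sr, c1, c2):
    """Combination: evaluate both constraints on one assignment and multiply."""
    return lambda eta: sr.times(c1(eta), c2(eta))

def best_level(sr, constraint, domains):
    """Sum (+) the constraint over every complete assignment of the variables."""
    names = sorted(domains)
    best = sr.zero
    for values in product(*(domains[n] for n in names)):
        best = sr.plus(best, constraint(dict(zip(names, values))))
    return best

# Constructed sample: two variables, unary costs plus a crisp "different" constraint.
DOMAINS = {"x1": ["red", "blue"], "x2": ["blue", "red"]}
cost_x1 = lambda eta: {"red": 2, "blue": 5}[eta["x1"]]
cost_x2 = lambda eta: {"blue": 1, "red": 4}[eta["x2"]]
differ = lambda eta: 0 if eta["x1"] != eta["x2"] else float("inf")
PROBLEM = combine(WEIGHTED, combine(WEIGHTED, cost_x1, differ), cost_x2)
```

In the weighted instance the semiring 0 is infinite cost and the semiring 1 is cost 0, so `WEIGHTED.leq(9, 3)` holds: the cheaper value is the better one.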

