Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Architecture and Design Chapter 4 Part 3 Pages 357 to 377.

Published byTyrone Pope Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Architecture and Design Chapter 4 Part 3 Pages 357 to 377."— Presentation transcript:

1 Security Architecture and Design Chapter 4 Part 3 Pages 357 to 377

2 System Security Architecture How to build a “secure” system Security Policy – Goals for the system – How sensitive information and resources are managed and protected – Used to specify the system

3 Trusted Computer System Evaluation Criteria US Government Requirement for a security architecture

4 Trusted Computing Base (TCB) Collection of hardware, operating system, software and firmware Must behave properly according to the security policy and not violate the trust of the system Trusted path of communications between the user and the programs and the TCB

5 TCB Always act in a safe and predictable manner Cannot be compromised or tampered with The OS ensures non-TCB processes and TCB processes interact in a secure manner

6 TCB System goes through an evaluation process – Example: Orange Book evaluation criteria

7 Security Perimeter Boundary between processes and resources outside the TCB and the TCB Divides untrusted from trusted Precise communication standards (interface)

8 Reference Monitor Mediates all accesses for subjects to objects Ensures subjects have necessary access rights Protects objects from unauthorized access All access decision should be made by a trusted, tamperproof component of the OS which works with the system kernel

9 Security Kernel Hardware, software, firmware that implements the Reference Monitor Invoked for every access Tamperproof, tested and verified

10 Security Models Bell-LaPadula Biba Clark-Wilson

11 Security Models Start with security policy Model is a framework that implements and enforces the security policy Mathematics proof that programming code

12 State Machine Model System state is secure Only allowable state transitions into a secure state Verified by formal mathematics models Boots into a secure state Shuts down or fails into a secure state

13 Basic Security Theorem If a system is initialized in a secure state and allowed state transitions are secure, then every subsequent state will be secure no matter what inputs occur.

14 Formal Models Not popular for software development Vendors are under pressure to get the product to market Used to develop systems that cannot allow errors or security breaches – Air traffic control, spacecraft, military classified systems, medical control systems

15 Bell-LaPadula 1970s by U.S. Military Mathematical model of multilevel security policy Secure state Rules of access Only covers confidentiality

16 Bell-LaPadula Subject-object model Subjects are assigned security labels (confidential, secret, top-secret) and by domain (Iraq, Fighter Jet Contract, etc.) Objects are assigned security labels (confidential, secret, top-secret) and by domain (Iraq, Fighter Jet Contract, etc.)

17 Simple Security Rule A subject at a given security level cannot read data that resides at a higher security level. “No read up”

18 *-property Subject in a given security level cannot write information to a lower security level. “No write down”

19 Strong Star Property A subject that has read and write capabilities can only perform these capabilities at the same security level.

20 Mandatory Access Control All MAC systems are based on Bell-LaPadula

21 Biba Model Like Bell-LaPadula but for integrity Prevents data from flowing to a higher integrity level

22 *-integrity “no write up” Can write data to an object at a higher integrity level Dirty data cannot be mixed with clean data

23 Simple integrity axiom “no read down” A subject cannot read data from a lower integrity level Cannot be corrupted by lower integrity data New York Times needs high quality sources of information

24 Invocation Property A subject cannot request service (invoke) of higher integrity

25 Integrity Business need data integrity – Account balances Governments need confidentiality

26 Clark-Wilson Model Formal (mathematical) integrity model Figure 4-23 on page 375 UDI – unconstrained data item – Does not require a high level of protection

27 Clark-Wilson Model CDI – constrained data item – User cannot modify directly TP – Transformation Procedure – User authenticates – Carries out procedure for the user IVP – Integrity verification procedures – Ensure integrity rules are being carried out

28 Clark-Wilson Model Well-formed transaction = series of operation which maintains the integrity Separation of duties – part of the model for certain transactions

29 Model Mathematical framework for integrity The vendor provides the integrity rules to fit the product requirements

30 Goals of Integrity Models 1.Prevent unauthorized users from making modifications 2.Prevent authorized users from making improper modifications (separation of duties) 3.Maintain internal and external consistency Biba only addresses them first goal Clark-Wilson addresses all three

Download ppt "Security Architecture and Design Chapter 4 Part 3 Pages 357 to 377."

Similar presentations

Operating System Security

Operating System Security
Chapter 3 Multics. Chapter Overview Multics contribution to technology Multics History Multics System – Fundamentals – Security Fundamentals – Protection.

Chapter 3 Multics. Chapter Overview Multics contribution to technology Multics History Multics System – Fundamentals – Security Fundamentals – Protection.
CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.
Chapter 6 Security Kernels.

Chapter 6 Security Kernels.
Security Models and Architecture

Security Models and Architecture
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Secure Operating Systems Lesson 0x11h: Systems Assurance.

Secure Operating Systems Lesson 0x11h: Systems Assurance.
Chapter 2.  CIA Model  Host Security VS Network Security  Least Privileges  Layered Security  Access Controls Prepared by Mohammed Saher2.

Chapter 2.  CIA Model  Host Security VS Network Security  Least Privileges  Layered Security  Access Controls Prepared by Mohammed Saher2.
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.

Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.

Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
Verifiable Security Goals

Verifiable Security Goals
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.

Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.
1 Clark Wilson Implementation Shilpa Venkataramana.

1 Clark Wilson Implementation Shilpa Venkataramana.
1 Integrity Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 22, 2004.

1 Integrity Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 22, 2004.
Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
Information Systems Security Security Architecture Domain #5.

Information Systems Security Security Architecture Domain #5.

Similar presentations

Ads by Google