Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 6: Integrity Policies  Overview  Requirements  Biba’s models  Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

Published byDarren Garrison Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 6: Integrity Policies  Overview  Requirements  Biba’s models  Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop."— Presentation transcript:

1 Chapter 6: Integrity Policies  Overview  Requirements  Biba’s models  Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop

2 Integrity  Commercial and industrial firms are more concerned with accuracy  My bank balance may be disclosed but worse if modified without authorization  An inventory list may be disclosed but worse if modified without authorization Introduction to Computer Security ©2004 Matt Bishop

3 Requirements of Commercial Policies 1. Users will not write their own programs, but will use existing production programs and databases. 2. Programmers will develop and test programs on a non-production system; if they need access to actual data, they will be given production data via a special process, but will use it on their development system. 3. A special process must be followed to install a program from the development system onto the production system. 4. The special process in requirement 3 must be controlled and audited. 5. The managers and auditors must have access to both the system state and the system logs that are generated. Introduction to Computer Security ©2004 Matt Bishop

4 Separation of duty  If two or more steps are required to perform a critical function, at least two different people should perform the steps.  e.g. moving a program from the developmental environment to the production environment  If the developer has made a mistake or performed a malicious act, then the installer’s process of checking and validating should catch the problem. Introduction to Computer Security ©2004 Matt Bishop

5 Separation of function  Developers do not develop new programs on the production system  Developers do not process production data on the development system  Depending on sensitivity of data, developers and testers may get a sanitized version of the data Introduction to Computer Security ©2004 Matt Bishop

6 Auditing  Process of analyzing systems to determine what actions took place and who performed them.  Commercial systems must emphasize recovery and accountability  Must maintain extensive logs to allow for auditing Introduction to Computer Security ©2004 Matt Bishop

7 Will the Bell-LaPadula model work for confidentiality?  “Clearance” level is not typical in a commercial enterprise.  Access is provided on a per user basis  Too many categories and security levels needed  Model will become too complex  Difficult to control the proliferation of categories and levels  Aggregating public info could help in deducing confidential information  Model needed to track what questions have been asked Introduction to Computer Security ©2004 Matt Bishop

8 Biba Integrity Model  Set of subjects S, objects O, integrity levels I, relation ≤  I  I holding when second dominates first or is the same as the first  min: I  I  I returns lesser of integrity levels  i  S  O  I gives integrity level of entity  r  S  O defines the ability of a subject to read an object  w, x defined similarly Introduction to Computer Security ©2004 Matt Bishop

9 Intuition for Integrity Levels  The higher the level, the more confidence  That a program will execute correctly  That data is accurate and/or reliable  Note relationship between integrity and trustworthiness  Important point: integrity levels are not security levels Introduction to Computer Security ©2004 Matt Bishop

10 Biba’s Model  Similar to Bell-LaPadula model 1. s  S can read o  O iff i(s) ≤ i(o) 2. s  S can write to o  O iff i(o) ≤ i(s) 3. s 1  S can execute s 2  S iff i(s 2 ) ≤ i(s 1 )  Add compartments and discretionary controls to get full dual of Bell-LaPadula model  Actually the “strict integrity model” of Biba’s set of models Introduction to Computer Security ©2004 Matt Bishop

11 LOCUS and Biba  Goal: prevent untrusted software from altering data or other software  Approach: make levels of trust explicit  credibility rating based on estimate of software’s trustworthiness (0 untrusted, n highly trusted)  trusted file systems contain software with a single credibility level  Process has risk level or highest credibility level at which process can execute  Must use run-untrusted command to run software at lower credibility level Introduction to Computer Security ©2004 Matt Bishop

Download ppt "Chapter 6: Integrity Policies  Overview  Requirements  Biba’s models  Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop."

Similar presentations

Information Flow and Covert Channels November, 2006.

Information Flow and Covert Channels November, 2006.
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
CS691 – Chapter 6 of Matt Bishop

CS691 – Chapter 6 of Matt Bishop
Malicious Logic What is malicious logic Types of malicious logic Defenses Computer Security: Art and Science ©2002-2004 Matt Bishop.

Malicious Logic What is malicious logic Types of malicious logic Defenses Computer Security: Art and Science © Matt Bishop.
CMSC 414 Computer (and Network) Security Lecture 12 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 12 Jonathan Katz.
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Confidentiality Policies  Overview  What is a confidentiality model  Bell-LaPadula Model  General idea  Informal description of rules  Formal description.

Confidentiality Policies  Overview  What is a confidentiality model  Bell-LaPadula Model  General idea  Informal description of rules  Formal description.
Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Lipner’s.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Lipner’s.
May 4, 2004ECS 235Slide #1 Biba Integrity Model Basis for all 3 models: Set of subjects S, objects O, integrity levels I, relation ≤  I  I holding when.

May 4, 2004ECS 235Slide #1 Biba Integrity Model Basis for all 3 models: Set of subjects S, objects O, integrity levels I, relation ≤  I  I holding when.
Verifiable Security Goals

Verifiable Security Goals
Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 October 7, 2004 Introduction to Computer Security Lecture.

Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 October 7, 2004 Introduction to Computer Security Lecture.
1 Clark Wilson Implementation Shilpa Venkataramana.

1 Clark Wilson Implementation Shilpa Venkataramana.
1 Integrity Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 22, 2004.

1 Integrity Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 22, 2004.
6/26/2015 6:12 PM Lecture 5: Integrity Models James Hook (Some materials from Bishop, copyright 2004) CS 591: Introduction to Computer Security.

6/26/2015 6:12 PM Lecture 5: Integrity Models James Hook (Some materials from Bishop, copyright 2004) CS 591: Introduction to Computer Security.
Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.

CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.

Similar presentations

Ads by Google