ECE-8843 http://www.csc.gatech.edu/copeland/jac/8843/
Prof. John A. Copeland, john.copeland@ece.gatech.edu, 404 894-5177, fax 404 894-0035
Office: GCATT Bldg 579 (email or call for an office visit, or call Kathy Cheek, 404 894-5696)

Chapter 10b - Trusted Systems

Slide 2: Trusted Systems

Subject: an entity capable of accessing objects. Usually a process of an application being run by a user. Note that a secure user authentication procedure is essential (pass-phrase, biometrics, ...), because the subject exercises the rights of the user it runs for.
Object: anything to which access is controlled. This includes files, portions of files, programs, segments of memory, and records and fields of records in a database.
Access right: a way in which an object can be accessed by a subject, typically read, write, and execute.
Access matrix, access control list (ACL), or capability list (ticket): ways of defining access rights. The matrix has one row per subject and one column per object; an ACL is one column, stored with the object, and a capability list is one row, held by the subject.
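The three representations above, as an added example that is not part of the original lecture: a small access matrix, the ACL and capability list derived from it, and a default-deny check. Since a capability is only useful if the subject cannot forge or alter it, the second half issues tickets protected by an HMAC under a key that only the reference monitor knows. Subjects, objects, rights and the key are constructed sample data.

```python
"""Access matrix, ACL and capability list (added example, not from the slides).

Subjects, objects, rights and the signing key are constructed sample data.
"""
import hashlib
import hmac
import json
from typing import Dict, FrozenSet, Tuple

Rights = FrozenSet[str]
Matrix = Dict[Tuple[str, str], Rights]  # (subject, object) -> rights

# Constructed access matrix: rows are subjects, columns are objects.
ACCESS_MATRIX: Matrix = {
    ("alice", "payroll.db"): frozenset({"read", "write"}),
    ("alice", "report.txt"): frozenset({"read"}),
    ("bob", "payroll.db"): frozenset({"read"}),
    ("bob", "backup.sh"): frozenset({"read", "execute"}),
}


def acl(matrix: Matrix, obj: str) -> Dict[str, Rights]:
    """One column of the matrix: the ACL kept with the object."""
    return {s: r for (s, o), r in matrix.items() if o == obj}


def capability_list(matrix: Matrix, subject: str) -> Dict[str, Rights]:
    """One row of the matrix: the tickets held by the subject."""
    return {o: r for (s, o), r in matrix.items() if s == subject}


def is_allowed(matrix: Matrix, subject: str, obj: str, right: str) -> bool:
    """Deny by default: a cell that is absent grants nothing."""
    return right in matrix.get((subject, obj), frozenset())


# A capability must be unforgeable.  Here the ticket carries an HMAC under a
# key known only to the reference monitor (constructed key for the demo; a
# real monitor keeps it in its protected state).
MONITOR_KEY = b"constructed-demo-key-do-not-reuse"


def issue_capability(subject: str, obj: str, rights: Rights,
                     key: bytes = MONITOR_KEY) -> str:
    """Return 'body.tag' where tag = HMAC-SHA256(key, body)."""
    body = json.dumps({"subject": subject, "object": obj,
                       "rights": sorted(rights)}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag


def check_capability(ticket: str, obj: str, right: str,
                     key: bytes = MONITOR_KEY) -> bool:
    """Accept only if the MAC verifies and the ticket names this object and right."""
    body, _, tag = ticket.rpartition(".")  # the hex tag contains no '.'
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False  # forged or modified ticket
    claim = json.loads(body)
    return claim["object"] == obj and right in claim["rights"]


if __name__ == "__main__":
    print("ACL for payroll.db:", acl(ACCESS_MATRIX, "payroll.db"))
    print("Bob's capabilities:", capability_list(ACCESS_MATRIX, "bob"))
    t = issue_capability("bob", "payroll.db", frozenset({"read"}))
    print("read with ticket:", check_capability(t, "payroll.db", "read"))
    print("write with ticket:", check_capability(t, "payroll.db", "write"))
    print("tampered ticket:", check_capability(
        t.replace('["read"]', '["read", "write"]'), "payroll.db", "write"))
```

The ACL and capability views carry the same information; they differ in where the decision data lives and therefore in what is cheap: with ACLs, revoking a subject's access to one object is a single-column edit, whereas with capabilities the monitor must be able to invalidate tickets already handed out, which is why the ticket is bound to a monitor-held key rather than trusted as presented.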

Slide 6: Multilevel Security

Security levels, lowest to highest: Unclassified, Confidential, Secret, Top-Secret.

No read up (simple security property): a subject can only read an object of lower or equal security level.
No write down (*-property): a subject can only write to an object of greater or equal security level (it cannot lower the security classification of information by writing it to an object with a lower security level). You can contribute information to a higher-level report, but you cannot read the report.
Need to know: a subject can only access data if it is cleared for that project or category (compartmented sensitive information). [not in book]
Reference monitor: the mechanism that enforces the rules above.

* so secret we can't reveal the name.

Slide 8: Alice's program has a Trojan horse hidden inside.

Slide 9: When Bob runs Alice's program, the Trojan writes information from Bob's Secret file to Alice's Confidential file ("write down").

Slide 10: Alice's program has to access the Secret file through the reference monitor, which upgrades the level of the process to Secret. (Bob has Secret clearance; Alice has Confidential clearance.)

Slide 11: The reference monitor will not let the (now rated Secret) process write down to a lower-level file.

Slide 12: The Computer Security Center within the National Security Agency has a Commercial Product Evaluation Program. To be rated a "Trusted System" (at a certain level) and be eligible for government and DoD RFPs, the computer must provide:
Complete mediation: security rules are enforced on every access, not just when a file is opened.
Isolation: the reference monitor and its database are protected from unauthorized modification.
Verifiability: the reference monitor's correctness must be mathematically provable (that it provides complete mediation and isolation).
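The Trojan-horse scenario of slides 8-11 and the complete-mediation requirement of slide 12, as an added example that is not part of the original lecture: a small Python reference monitor that enforces no-read-up, no-write-down and need-to-know, and raises the process label to that of whatever it reads (the "upgrade to Secret" of slide 10). The levels, compartments, file names, contents and the Trojan program are all constructed. The `open_write` method is included on purpose as the broken, open-time-only check that complete mediation rules out; the second Trojan variant shows how it is beaten.

```python
"""Bell-LaPadula reference monitor with a high-water mark.

Added example, not from the slides.  Levels, compartments, file contents and
the 'Trojan' program are constructed for the demonstration.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List

UNCLASSIFIED, CONFIDENTIAL, SECRET, TOP_SECRET = 0, 1, 2, 3


@dataclass(frozen=True)
class Label:
    level: int
    compartments: FrozenSet[str] = frozenset()  # need-to-know categories

    def dominates(self, other: "Label") -> bool:
        """Lattice order: higher-or-equal level AND a superset of compartments."""
        return self.level >= other.level and other.compartments <= self.compartments


@dataclass
class Process:
    owner: str
    clearance: Label  # what the user running it is cleared for
    current: Label    # high-water mark; rises with every read


class ReferenceMonitor:
    """Mediates every read and write; nothing is decided once at open time."""

    def __init__(self, labels: Dict[str, Label], contents: Dict[str, str]):
        self.labels, self.contents = labels, contents
        self.audit: List[str] = []

    def read(self, proc: Process, obj: str) -> str:
        lbl = self.labels[obj]
        if not proc.clearance.dominates(lbl):  # simple security property
            self.audit.append(f"DENY read {obj} by {proc.owner}")
            raise PermissionError(f"no read up: {obj}")
        # High-water mark: the process is now as sensitive as everything it read.
        proc.current = Label(max(proc.current.level, lbl.level),
                             proc.current.compartments | lbl.compartments)
        self.audit.append(f"ALLOW read {obj} by {proc.owner}")
        return self.contents[obj]

    def write(self, proc: Process, obj: str, data: str) -> None:
        if not self.labels[obj].dominates(proc.current):  # *-property
            self.audit.append(f"DENY write {obj} by {proc.owner}")
            raise PermissionError(f"no write down: {obj}")
        self.contents[obj] = data
        self.audit.append(f"ALLOW write {obj} by {proc.owner}")

    def open_write(self, proc: Process, obj: str) -> Callable[[str], None]:
        """Deliberately WRONG: checks once at open, returns an unchecked handle.
        This is exactly what 'complete mediation' forbids."""
        if not self.labels[obj].dominates(proc.current):
            raise PermissionError(f"no write down: {obj}")
        return lambda data: self.contents.__setitem__(obj, data)


def fresh_system() -> ReferenceMonitor:
    labels = {"bob_secret.txt": Label(SECRET),
              "alice_conf.txt": Label(CONFIDENTIAL),
              "sigint_memo.txt": Label(SECRET, frozenset({"SIGINT"}))}
    contents = {"bob_secret.txt": "troop movements",
                "alice_conf.txt": "", "sigint_memo.txt": "intercepts"}
    return ReferenceMonitor(labels, contents)


def bob_process() -> Process:
    # Bob is cleared Secret (no compartments); a fresh process starts Unclassified.
    return Process("bob", clearance=Label(SECRET), current=Label(UNCLASSIFIED))


def trojan_mediated(rm: ReferenceMonitor, proc: Process) -> str:
    """Alice's program as Bob runs it (slides 9-11): copy Bob's Secret file into
    Alice's Confidential file.  Returns what ends up in the Confidential file."""
    secret = rm.read(proc, "bob_secret.txt")     # allowed; process becomes Secret
    try:
        rm.write(proc, "alice_conf.txt", secret)  # denied: write down
    except PermissionError:
        pass
    return rm.contents["alice_conf.txt"]


def trojan_open_time_only(rm: ReferenceMonitor, proc: Process) -> str:
    """Same Trojan against the open-time check: open the low file first, then read."""
    sink = rm.open_write(proc, "alice_conf.txt")  # allowed: process still Unclassified
    secret = rm.read(proc, "bob_secret.txt")      # now Secret, but the handle is never re-checked
    sink(secret)
    return rm.contents["alice_conf.txt"]


def need_to_know_denied(rm: ReferenceMonitor, proc: Process) -> bool:
    """Bob is Secret but outside the SIGINT compartment, so the memo is unreadable."""
    try:
        rm.read(proc, "sigint_memo.txt")
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    rm, bob = fresh_system(), bob_process()
    print("mediated Trojan leaked:", repr(trojan_mediated(rm, bob)))
    print("open-time-only Trojan leaked:",
          repr(trojan_open_time_only(fresh_system(), bob_process())))
    print("need-to-know denied:", need_to_know_denied(fresh_system(), bob_process()))
    print("\n".join(rm.audit))
```

The order of operations in the second Trojan is the whole point of slide 12: the Confidential file is opened while the process is still Unclassified, so a check made only at open time passes, and the later read that raises the process to Secret is never reflected in the handle already held. Checking on every access, as `read` and `write` do, closes that window.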

Slide 14: "Common Criteria" Security Specifications

In January 1996, the United States, United Kingdom, Germany, France, Canada, and the Netherlands released a jointly developed evaluation standard for a multinational marketplace. This standard is known as the "Common Criteria for Information Technology Security Evaluation" (CCITSE), usually referred to as the "Common Criteria" (CC). The Common Criteria can be used for the following purposes: (see table on next slide)

Under the Common Criteria, each level of trust rating from the TCSEC can be specified as a Protection Profile (PP). A Protection Profile looks very similar to a level of trust rating but has two fundamental differences. First, where the TCSEC binds sets of features and assurances together, the Common Criteria allows Protection Profiles to combine features and assurances in any combination. Second, the TCSEC specifies a fixed set of ratings (profiles), but the Common Criteria allows consumers to write a customized set of requirements in a standard format. The TPEP office is currently developing Protection Profiles that map to the C2 rating referred to in the TCSEC, and SBU Firewall Protection Profiles. Common Criteria evaluations are now in progress using the Firewall Protection Profiles.

http://www.radium.ncsc.mil/tpep/library/ccitse/cc_over.html
