Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 3 Page 1 CS 236 Online Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Published byGeraldine Parsons Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 3 Page 1 CS 236 Online Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher."— Presentation transcript:

1 Lecture 3 Page 1 CS 236 Online Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

2 Lecture 3 Page 2 CS 236 Online Mandatory Access Control and the Real World For a long time, things like Bell-La Padula were hard to run Real-world commercial systems did not support them That’s changing

3 Lecture 3 Page 3 CS 236 Online SE Linux and Flask Security Enhanced Linux –Developed by NSA researchers –Open source, like all Linux Implementation of the Flask security architecture –Which allows flexible use of mandatory access control

4 Lecture 3 Page 4 CS 236 Online What Can You Do With Flask? Multi-level security –Including Bell La Padula Domain Type Enforcement Role-based Access Control Many other types of mandatory access control policies No superuser, many other common Linux/Unix security problems avoided

5 Lecture 3 Page 5 CS 236 Online Flask and Solaris Flask architecture to be added to Sun Solaris operating system Essentially the same architecture as in SE Linux

6 Lecture 3 Page 6 CS 236 Online What Does This Mean For You? You can get usable, commercial operating systems with MAC Even operating systems with strong industry support Well, so what?

7 Lecture 3 Page 7 CS 236 Online Is MAC For You? MAC is only useful where it makes sense to force policy to be followed Typically not on a single user’s personal machine More common on industry installations –Especially those with military connections Do you need to guarantee access control properties? –Regardless of how foolish your users are?

Download ppt "Lecture 3 Page 1 CS 236 Online Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher."

Similar presentations

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
JENNIS SHRESTHA CSC 345 April 22, 2014. Contents Introduction History Flux Advanced Security Kernel Mandatory Access Control Policies MAC Vs DAC Features.

JENNIS SHRESTHA CSC 345 April 22, Contents Introduction History Flux Advanced Security Kernel Mandatory Access Control Policies MAC Vs DAC Features.
Embedded System Lab. What is an embedded systems? An embedded system is a computer system designed for specific control functions within a larger system,

Embedded System Lab. What is an embedded systems? An embedded system is a computer system designed for specific control functions within a larger system,
Lecture 13 Page 1 CS 111 Online File Systems: Introduction CS 111 On-Line MS Program Operating Systems Peter Reiher.

Lecture 13 Page 1 CS 111 Online File Systems: Introduction CS 111 On-Line MS Program Operating Systems Peter Reiher.
Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?

Lecture 19 Page 1 CS 111 Online Protecting Operating Systems Resources How do we use these various tools to protect actual OS resources? Memory? Files?
Lecture 2: Security Policy Models Fred Chong CS290N Architectural Support for Secure and Reliable Computing.

Lecture 2: Security Policy Models Fred Chong CS290N Architectural Support for Secure and Reliable Computing.
Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.

Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.
Access Control Patterns Fatemeh Imani Mehr Amirkabir university of technology, Department of Computer Engineering & Information Technology.

Access Control Patterns Fatemeh Imani Mehr Amirkabir university of technology, Department of Computer Engineering & Information Technology.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
1 Flexible Mandatory Access Control (MAC) in Modern Operating Systems Jeffrey H. Jewell CS 591 December 7, 2009 Jeffrey H. Jewell CS 591 December 7, 2009.

1 Flexible Mandatory Access Control (MAC) in Modern Operating Systems Jeffrey H. Jewell CS 591 December 7, 2009 Jeffrey H. Jewell CS 591 December 7, 2009.
Introduction to Unix GLY 560: GIS for Earth Scientists Class Home Page:

Introduction to Unix GLY 560: GIS for Earth Scientists Class Home Page:
SELinux (Security Enhanced Linux) By: Corey McClurg.

SELinux (Security Enhanced Linux) By: Corey McClurg.
Security-Enhanced Linux Joseph A LaConte CS 522 December 8, 2004.

Security-Enhanced Linux Joseph A LaConte CS 522 December 8, 2004.
Shane Jahnke CS591 December 7, 2009.  What is SELinux?  Changing SELinux Policies  What is SLIDE?  Reference Policy  SLIDE  Installation and Configuration.

Shane Jahnke CS591 December 7,  What is SELinux?  Changing SELinux Policies  What is SLIDE?  Reference Policy  SLIDE  Installation and Configuration.
User Domain Policies.

User Domain Policies.
ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.

ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU.

Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
Lecture 4 Page 1 CS 236 Online Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 4 Page 1 CS 236 Online Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Similar presentations

Ads by Google