
Security Modeling

Security Modeling. Jagdish S. Gangolly. Security Modeling and Information Assurance. Security modeling lies at the heart of Information Assurance, whose objective is to ensure Confidentiality, Integrity, and Availability.


Presentation Transcript


  1. Security Modeling
     Jagdish S. Gangolly
     Guest Lecture in Acc 661 (Spring 2007) (Instructor: Christopher Brown)

  2. Security Modeling and Information Assurance
     • Security modeling lies at the heart of Information Assurance, whose objective is to ensure
       • Confidentiality
       • Integrity
       • Availability

  3. Security Modeling and Information Assurance
     At a high level, an operating system is an accounting system. It monitors and maintains information indispensable for ensuring the three objectives of Information Assurance.

  4. Designing Trusted Operating Systems
     • An OS is trusted if we have confidence that it provides the four services in a consistent and effective way
       • Memory protection
       • File protection
       • General object access control
       • User authentication

  5. Trusted vs. Secure Systems

  6. Security Policies I
     • Military security policy
       • Top secret, Secret, Confidential, Restricted, Unclassified
       • Compartment: contains information associated with a project
       • Combination <rank, compartments> is called a class or classification of information
       • A person seeking access to information must be cleared

  7. Security Policies II
     • Dominance: For subject s and object o, s ≤ o if and only if rank_s ≤ rank_o and compartments_s ⊆ compartments_o. We say o dominates s.

  8. Security Policies III
     • A subject can read an object only if:
       • The clearance level of the subject is at least as high as the clearance level of the information
       • The subject has a need to know about all compartments for which the information is classified
     • Security officer controls clearances and classifications

  9. Security Modeling I
     • Models of Confidentiality
     • Bell-La Padula Model
       • Subjects, objects, set of access operations, a set of security levels, security clearance for subjects, security classification for objects, access control matrix.
       • ss-property (Simple Security Policy) (no read-up policy): A subject s may have read access to an object o only if C(o) ≤ C(s)
       • *-property (no write-down policy): A subject s who has read access to an object o may have write access to an object p only if C(o) ≤ C(p)
       • ds-property (discretionary security property) (Orange Book): "a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control)." -- TCSEC
       • Access control matrix.
     • A state is secure if the three security properties are satisfied.
     • Basic security theorem: If the initial state is secure and all state transitions are secure, then all subsequent states are secure, no matter what inputs occur.

  10. Security Modeling II
     • Biba Integrity Model:
       • Simple integrity property: a subject can modify an object only if its integrity classification dominates that of the object
       • Integrity *-property: If a subject has read access to object o, then it can have write access to an object p only if the integrity classification of o dominates that of p.

  11. Security Modeling III
     • Harrison-Ruzzo-Ullman Model:
       • Commands, conditions, primitive operations.
       • Protection system: subjects, objects, rights, commands
       • If commands are restricted to a single operation each, it is possible to decide whether a given subject can ever obtain a right to an object.
       • If commands are not restricted to one operation each, it is not always decidable whether a given protection system can confer a given right.

  12. Security Modeling III
     • Clark-Wilson Commercial Security Policy:
       • Well-formed transaction
       • Separation of duty

  13. Security Features of Trusted Operating Systems
     • User identification & authentication
     • Mandatory access control
     • Discretionary access control
     • Object reuse protection (leakage), remanence
     • Complete mediation
     • Trusted path
     • Audit
     • Audit log reduction
     • Intrusion detection

  14. Orange Book
     • D: Minimal protection
     • C1/C2/B1: requiring security features common to commercial operating systems (Windows NT/2000: C2; Solaris: C2, B1)
     • B2: precise proof of security of the underlying model and a narrative specification of the trusted computing base
     • B3/A1: requiring more precisely proven descriptive and formal designs of the trusted computing base
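
Added example (not part of the original slides): the dominance relation of slide 7 and the Bell-La Padula and Biba access checks of slides 9 and 10, written in Python. The `Label` type, the function names and the sample labels are constructed for illustration, and the Biba functions assume integrity classifications are ordered by the same dominance relation.

```python
from dataclasses import dataclass

# Ranks from slide 6, ordered lowest to highest.
RANKS = ["Unclassified", "Restricted", "Confidential", "Secret", "Top secret"]

@dataclass(frozen=True)
class Label:
    """A <rank, compartments> class, as defined on slide 6."""
    rank: str
    compartments: frozenset = frozenset()

def dominates(a: Label, b: Label) -> bool:
    """a dominates b: rank_b <= rank_a and compartments_b is a subset of compartments_a."""
    return (RANKS.index(b.rank) <= RANKS.index(a.rank)
            and b.compartments <= a.compartments)

def blp_may_read(s: Label, o: Label) -> bool:
    """ss-property (no read-up): C(o) <= C(s)."""
    return dominates(s, o)

def blp_may_write(readable: list, p: Label) -> bool:
    """*-property (no write-down): C(o) <= C(p) for every object o the subject can read."""
    return all(dominates(p, o) for o in readable)

def biba_may_modify(s: Label, o: Label) -> bool:
    """Simple integrity property: the subject's integrity class dominates the object's."""
    return dominates(s, o)

def biba_may_write(readable: list, p: Label) -> bool:
    """Integrity *-property: each read object o dominates the written object p."""
    return all(dominates(o, p) for o in readable)

# Constructed sample labels (not from the slides).
ANALYST = Label("Secret", frozenset({"CRYPTO"}))
REPORT = Label("Confidential", frozenset({"CRYPTO"}))
PLAN = Label("Secret", frozenset({"CRYPTO", "NUCLEAR"}))
MEMO = Label("Unclassified")

if __name__ == "__main__":
    print("read REPORT:", blp_may_read(ANALYST, REPORT))
    print("read PLAN:", blp_may_read(ANALYST, PLAN))
    print("write MEMO after reading REPORT:", blp_may_write([REPORT], MEMO))
    print("write PLAN after reading REPORT:", blp_may_write([REPORT], PLAN))
    print("Biba write MEMO after reading REPORT:", biba_may_write([REPORT], MEMO))
```

The sample shows two points the bullets leave implicit: a subject may write to an object it is not cleared to read (`PLAN`), and Biba's *-property is the mirror image of Bell-La Padula's, so the same read/write pair is denied under one model and permitted under the other.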
