computer security hybrid policies n.
Skip this Video
Loading SlideShow in 5 Seconds..
Computer Security Hybrid Policies PowerPoint Presentation
Download Presentation
Computer Security Hybrid Policies

Computer Security Hybrid Policies

97 Views Download Presentation
Download Presentation

Computer Security Hybrid Policies

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Computer SecurityHybrid Policies

  2. Chinese Wall model The security policies address both confidentiality and integrity. Primitives: • A database of objects, which contain information relating to a company • Company Datasets (CDs) containing objects relating to a single company. • Conflict Of Interest (COI) classes that contain the CDs of companies in competition.

  3. Example Bank COI Class Gas Company COI Class Bank of America a Shell s Standard Oil e Citibank b Bank the West c Union ‘76 u ARCO n

  4. CW-simple security condition Let PR(s) be the set of objects that subject s has read. CW-simple security condition, prelim version: s can read o iff either of the following holds. • There is an object o’ such that s has accessed o’ and CD(o’) = CD(o) • For all o’  PR(s): COI(o’)  COI(o)

  5. CW-simple security condition Sanitized vs unsanitized objects CW-simple security condition: s can read o iff either of the following holds. • There is an object o’ such that s has accessed o’ and CD(o’) = CD(o) • o’  PR(s)  COI(o’)  COI(o) • o is sanitized

  6. CW-*property Sanitized vs unsanitized objects CW-*property: s can write to object o iff both of the following hold. • The CW-ss condition permits s to read o • For all unsanitized o’: s can read o’  CD(o’) = CD(o).

  7. BLP & Chinese Wall BLP & CW are fundamentally different: • subjects in CW do not have security labels. • BLP has no notion of “past accesses”.

  8. BLP & Chinese Wall To emulate CW in BLP we assign a security category to each (COI,CD) pair. We define two security levels: • S for sanitized and U for unsanitized, and • Define the domination: U dom S. So for example: (U,{b,s}) dom (U, b).

  9. Role-Based Access Control The ability or need to access information may depend on one’s job functions, i.e., the role one has. • A role r is a collection of functions. The set of authorized transactions of r is denoted by trans(r). • The active role of a subject s, actr(s), is the role that s is currently performing. • The authorized roles of s, authr(s), is the set of roles that s is authorized to assume. • The predicate canexe(s,t), is true iff s can execute t at the current time.

  10. RBAC Three rules define the ability of a subject to execute a transaction. Let S be the set of subjects and T the set of transactions. • Rule of role assignment:  s  S, t  T : canexec(s,t) actr(s)   (if s can execute a transaction t then it has an active role) • Rule of role authorization:  s  S : actr(s)  authr(s) (if s is active then its role is authorized) • Rule of transaction authorization:  s  S, t  T : canexec(s,t)  t  trans(actr(s)) (if s can execute t then t is an authorized transaction of s)