Chap 4. Security Policies Computational Theory Lab. 120060182 Kim ki dong
Index 4.1 Security Policies 4.2 Types of Security Policies 4.3 The Role of Trust 4.4 Types of Access Control 4.5 Example : Academic Computer Security Policy 4.6 Summary
4.1 Security Policies Consider a computer system to be finite-state automaton with a set of transition functions that change state. Definition 41 A security policy is a statement that partitions the states of the system into A set of authorized, or secure, states and A set of unauthorized, or, nonsecure, states. A security policy sets the context in which we can define a secure system. More precisely : Definition 42 A secure system is a system that Starts in an authorized state and cannot enter an unauthorized state.
4.1 Security Policies Figure 4-1. A simple finite-state machine. In this example, the authorized states are s1 and s2. This system is not secure. But, if the edge from s1 to s3 were not present, the system would be secure. Definition 43 A breach of security occurs when a system enters an unauthorized state.
4.1 Security Policies Three basic properties relevant to security. Confidentiality Integrity Availability Definition 44 X be a set of entities and I be some information. I has the property of confidentiality with respect to X if no member of X can ontain information about I. Definition 45 X be a set of entities and I be some information or a resource. I has the property of integrity with respect to X if all members of X trust I.
4.1 Security Policies Definition 46 Data integrity The conveyance and storage of I do not changre the information or its trustworthiness. Origin integrity, Authentication If I is information about the origin of something, or about an identity, the member of X trust that the information is correct and unchanged. Assurance If I may be a resource rather than information, integrity means that the resource functions correctly. Definition 46 X be a set of entities and I be a resource. I has the property of availability with respect to X if all members of X can access I.
4.1 Security Policies A security policy considers all relevant aspects of Confidentiality The leakage of rights and the illicit transformation of information without leakage of right (information flow). The policy must handle dynamic changes of authentication. Integrity Identifies authorized ways in which information may be altered and entities authorized to alter it. Availability Describes what services must be provided.
4.1 Security Policies Definition 47 A security mechanism is an entity or procedure that enforces some part of the security policy. Example Policy : disallows the copying of homework. Machanism : file access control. Security policies are often implicit rather than explict. Causes confusion, especially when the policy is defined in terms of the machanism. If some machanisms pervent a specific action and other allow it.
4.2 Types of Security Policies Definition 49 A military security policy (also called a governmental security policy) is a security policy developed primarily to provide confidentiality. Definition 410 A commercial security policy is a security policy developed primarily to provide integrity. Definition 411 A confidentiality policy is a security policy dealing only with confidentiality. Definition 412 An integrity policy is a security policy dealing only with integrity.
4.3 The Role of Trust A system administrator receives and installs a security patch, High level assumption 1. the patch came from the vendor and was not tampered with in transit. 2. the vendor tested the patch thoroughly. 3. the vendor’s test environment corresponds to her environment. 4. the patch is installed correctly. Low level assumption The important aspect is that formal verification provides a formal mathematical proof. Given program P is correct that is, given any set of inputs i, j, k, the program P will produce the output x that its specification requires. S : security-related program, O : operating system.
4.3 The Role of Trust 1. the formal verification of S is correct, that is, the proof has no errors. 2. the assumptions made in the formal verification of S are correct. 3. the program will be transformed into an executable whose actions correspond to those indicated by the source code. 4. the hardware will execute the program as intended.
4.4 Types of Access Control A security policy may use two types of access controls, In one, access control is left to the discretion of the owner. In the other, the operating system controls access. Definition 413 If an individual user can set an access constrol machanism to allow or deny access to an object, that machanism is a discretionary access control(DAC), also called an identity-based access control(IBAC). Definition 414 When a system mechanism controls access to an object and an individual user cannot alter that access, the control is a mandatory access control(MAC), occasionally called a rule-based access control.
4.4 Types of Access Control Definition 415 An originator controlled access control (ORCON or ORGCON) bases access on the creator of an object (or the information it contains).
4.5 Example : Academic Computer Security Policy The explicitness of a security policy depends on the environment in which it exists. A research lab of office environment may have an unwritten policy. A bank needs a very explicit policy.
4.5.1 General University Policy This policy is an “Acceptable Use Policy”(AUP) for the Davis campus of the University of California. The policy Present the goals of campus computing. States the responsibilities associated with the privilege of using campus computers. States the intent underlying the rules. The enforcement mechanisms For minor violations, Either the unit itself resolves the problem or formal warnings are given. For more serious infractions, The administration may take stronger action such as denying access to campus computer system.
4.5.1 General University Policy In very serious cases, The university may invoke disciplinary action.
4.5.2 Electronic Mail Policy The university has several auxiliary policies, which are subordinate to the general university policy. Describes the constraints imposed on access to, ans use of, electronic mail. The electronic mail policy consists of three parts. The electronic mail policy summary The full policy Implementation at UC Davis
4.5.2.1 Electronic Mail Policy Summary Section 1 Warns users that their electronic mail is not private. Warns users that electronic mail can be forged or altered as well as forwarded. Section 2 “think before you send; be courteous and respectful of others; and don’t interfere with other’ use of electronic mail.” They emphasize that supervisors have the right to examine employees’ electronic mail that relates to the job. Section 3 The policy concludes with a statement about its application.
4.5.2.2 The Full Policy Begins with a description of the context of the policy, as well as its purpose and scope. The scope here is far more explict than that in the summary. This policy does not apply to printed copies of e-mail. The general provisions They state that e-mail services and infrastructure are university property. The policy reiterates that the university will apply principles of academic freedom and freedom of speech in its handling of e-mail. If this us infeasible, the e-mail may be read only as is needed to resolve the emergency, and then authorization must be secured after the fact.
4.5.2.2 The Full Policy Legitimate and illegitimate use of the university’s e-mail. Anonymity to senders provided that it does not violate laws or dther policies. It also expressly permits the use of university facilities for sending personal e-mail.
4.5.2.3 Implementation at UC Davis Adds campers-specific requirements and procedures e.g., "incidental personal use" not allowed if it benefits a non-university organization. Allows implementation to take into account differences between campuses, such as self-governmance by Academic Senate. Procedures for inspecting, monitoring, disclosing e-mail contents. Backups.