Software Security II Karl Lieberherr.


What is Security
Enforcing a policy that describes rules for accessing resources. Policy may be explicit or implicit. Better to use explicit policy.

Security Goals
Authentication: who is it that is trying to do something to what we want to protect? URL authentication: is yourFriendlyBank.com really a friendly bank?

Security Criteria
Saltzer, J. H., and Schroeder, M. D. The protection of information in computer systems. Proceedings of the IEEE 63, 9 (Sept. 1975), 1278-1308.

Security Criteria derived from Saltzer/Schroeder
Economy of mechanism: Designs which are smaller and simpler are easier to inspect and trust.
Fail-safe defaults: By default, access should be denied unless it is explicitly granted.
Complete mediation: Every access to every object should be checked.
Least privilege: Every program should operate with the minimum set of privileges necessary to do its job. This prevents accidental mistakes from becoming security problems.

Security Criteria derived from Saltzer/Schroeder
Least common mechanism: Anything which is shared among different programs can be a path for communication and a potential security hole, so as little data as possible should be shared. (LoD)
Accountability: The system should be able to accurately record "who" is responsible for using a particular privilege.
Psychological acceptability: The system should not place an undue burden on its users.

Security criteria: Performance, Compatibility, Remote calls
Performance: We must consider how our designs constrain system performance. Security checks which must be performed at run-time will have performance costs.
Compatibility: We must consider the number and depth of changes necessary to integrate the security system with the existing Java virtual machine and standard libraries. Some changes may be impractical.
Remote calls: If the security system can be extended cleanly to remote method invocation, that would be a benefit for building secure, distributed systems.

A Logical Framework for Reasoning about Access Control Elisa Bertino

Logical framework
Models
Reduction to C-Datalog
Role-based access control
Reduction to C-Datalog

Basic components: Subjects
User
Process: execution of a program on behalf of a user
Group: partial order
Role: partial order

Basic components: Objects, Privileges
Objects: resources to be protected; partial order (has-a relationships)
Privileges: access modes subjects can exercise on objects; partial order expressing strength between privileges

Basic components: Sessions, Authorization rules
Session: an instance of a connection of a user to a system.
Authorization rules: exploit subjects, objects, privileges and session attributes. Positive and negative.

Basic components: Constraint rules
Constraint rules cannot be violated by components of the system.
Static: without taking into account the execution state
Dynamic: taking into account the execution state
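As an added example (not code from the slides or from Bertino's framework), the components of the preceding slides in executable form: partial orders over groups, roles, objects and privileges, positive and negative authorization rules, a static constraint checked at role assignment, and an access check made in a session with activated roles. It assumes that hierarchies are given as child-to-parent edges and that denials override grants; it also applies the fail-safe default and complete mediation criteria from the Saltzer/Schroeder slides.

```python
from typing import Dict, List, Set, Tuple

Edges = Dict[str, Set[str]]   # partial orders as child -> parents (containment, seniority, implication)

def closure(start: str, edges: Edges) -> Set[str]:
    """Reflexive-transitive closure: start plus everything reachable through parent edges."""
    seen, todo = set(), [start]
    while todo:
        x = todo.pop()
        if x not in seen:
            seen.add(x)
            todo.extend(edges.get(x, ()))
    return seen

class Policy:
    """Added example (not the slides' code): subjects, objects, privileges, rules and constraints."""
    def __init__(self, group_parents: Edges, role_juniors: Edges,
                 object_parents: Edges, privilege_implied_by: Edges):
        self.group_parents, self.role_juniors = group_parents, role_juniors
        self.object_parents = object_parents
        self.implied_by = privilege_implied_by      # e.g. read -> {write}: write is stronger than read
        self.user_groups: Edges = {}
        self.user_roles: Edges = {}
        self.rules: List[Tuple[str, str, str, bool]] = []   # (subject, object, privilege, positive?)
        self.static_sod: List[Set[str]] = []        # role sets no user may hold at the same time

    def assign_role(self, user: str, role: str) -> None:
        held = self.user_roles.setdefault(user, set())
        for pair in self.static_sod:                # static constraint: checked at assignment time
            if role in pair and (pair - {role}) & held:
                raise ValueError(f"static separation of duty: {user} cannot hold both of {pair}")
        held.add(role)

    def check(self, user: str, active_roles: Set[str], obj: str, priv: str) -> bool:
        """Mediate one request made in a session of `user` with `active_roles` activated."""
        if not active_roles <= self.user_roles.get(user, set()):
            return False                            # a role that was never assigned cannot be activated
        subjects = {user}
        for g in self.user_groups.get(user, ()):
            subjects |= closure(g, self.group_parents)   # the group and all its super-groups
        for r in active_roles:
            subjects |= closure(r, self.role_juniors)    # the role and every role it dominates
        objects = closure(obj, self.object_parents)      # the object and every container it is part of
        stronger = closure(priv, self.implied_by)        # a grant of a stronger privilege also suffices
        hits = [pos for s, o, p, pos in self.rules if s in subjects and o in objects and
                (p in stronger if pos else priv in closure(p, self.implied_by))]  # denial of a weaker one blocks
        return bool(hits) and False not in hits          # fail-safe default; negative rules take precedence
```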

Formal Representation
C-Datalog: object-oriented extension of Datalog

Brief introduction to C-Datalog

Extra slides

Java Security at IBM Research (Larry Koved: manager)
Automating Security Analysis of Java Components and Programs
Invocation graphs

LoD and Security
Can execute software only if secret is known. Secret consists of set of keys, one per class. What is security policy? Each object only gets keys of its authenticated friends (who share the same concerns???). What are the benefits of such a security policy? Compartmentalize?

LoD and security