Computer Data Security & Privacy

Slides:



Advertisements
Similar presentations
Trusted System Elements and Examples CS461/ECE422 Fall 2011.
Advertisements

Operating System Security
Protection and Security Protection is any mechanism for controlling the access of processes to the resources of a computer system. This mechanism must.
CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.
FIREWALLS – Chapter 20 network-based threats access to outside world Functionality, Design Security – trusted system.
Database Security - Farkas 1 Database Security and Privacy.
Access Control Intro, DAC and MAC System Security.
Informationsteknologi Thursday, October 11, 2007Computer Systems/Operating Systems - Class 161 Today’s class Security.
—On War, Carl Von Clausewitz
Chapter 11 Firewalls.
6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
EE579T/10 #1 Spring 2003 © , Richard A. Stanley WPI EE579T Network Security 10: Firewalls Prof. Richard A. Stanley.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.
EE579T/6GD #1 Summer 2003 © , Richard A. Stanley EE579T Network Security 6: Firewalls and Trusted Networks Prof. Richard A. Stanley.
User Domain Policies.
Distributed Computer Security 8.2 Discretionary Access Control Models - Liang Zhao.
Lecture 7 Access Control
Chapter 20 Firewalls.
Operating Systems Protection & Security.
Fall 2004CS 395: Computer Security1 Chapter 20: Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the.
Växjö University, Sweden
1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.
Chapter 11 Firewalls.
Controlling Files Richard Newman based on Smith “Elementary Information Security”
1 Chapter 20: Firewalls Fourth Edition by William Stallings Lecture slides by Lawrie Brown(modified by Prof. M. Singhal, U of Kentucky)
Session 2 - Security Models and Architecture. 2 Overview Basic concepts The Models –Bell-LaPadula (BLP) –Biba –Clark-Wilson –Chinese Wall Systems Evaluation.
CS 3204 Operating Systems Godmar Back Lecture 26.
Security Architecture and Design Chapter 4 Part 3 Pages 357 to 377.
CSCE 201 Introduction to Information Security Fall 2010 Access Control.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 4 – Access Control.
G53SEC 1 Access Control principals, objects and their operations.
Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.
Chapter No 4 Query optimization and Data Integrity & Security.
CE Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.
ECE Prof. John A. Copeland fax Office: GCATT Bldg.
UNIX System Protection. Unix History Developed by Dennis Ritchie and Ken Thompson at AT&T Bell Labs Adapted some ideas from the Multics project in 1969.
Multics CysecLab Graduate School of Information Security KAIST.
COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:
Computer Security: Principles and Practice
Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke1 Security Lecture 17.
Dr. Jeff Teo Class 4 July 2, Deliverables Lecture on Trusted Computing: Evolution and Direction Review of students’ blogs and assignments Summarize.
ECE Prof. John A. Copeland fax Offices: Klaus 3362.
Security. Digital Signatures Digital Signatures Using MD.
1 Ola Flygt Växjö University, Sweden Firewalls.
Access Control 1. Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from.
Database Security. Introduction to Database Security Issues (1) Threats to databases Loss of integrity Loss of availability Loss of confidentiality To.
Access Controls Mandatory Access Control by Sean Dalton December 5 th 2008.
PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.
22 feb What is Access Control? Access control is the heart of security Definitions: * The ability to allow only authorized users, programs or.
Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.
Fall 2006CS 395: Computer Security1 Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for.
Chapter 5 : DataBase Security Lecture #1-Week 8 Dr.Khalid Dr. Mohannad Information Security CIT460 Information Security Dr.Khalid Dr. Mohannad 1.
Protection and Security
Access Control Model SAM-5.
Protection and Security
or call for office visit,
Protection and Security
CE Operating Systems Lecture 21
UNIX System Protection
OS Access Control Mauricio Sifontes.
Chapter 20: Firewalls Fourth Edition by William Stallings
Net301 LECTURE 11 11/23/2015 Lect13 NET301.
Protection and Security
Access Control.
Operating System Concepts
Operating System Concepts
CSE 542: Operating Systems
Presentation transcript:

Computer Data Security & Privacy

Lecture # 7 Access Control

Trusted Systems One way to enhance the ability of a system to defend against intruders and malicious programs is to implement trusted system technology.

Data Access Control Through the user access control procedure (log on), a user can be identified to the system. Associated with each user, there can be a profile that specifies permissible operations and file accesses The operation system can enforce rules based on the user profile

Data Access Control General models of access control: Access matrix Access control list Capability list

Data Access Control Access Matrix

Data Access Control Access Matrix: Basic elements of the model Subject: An entity capable of accessing objects, the concept of subject equates with that of process Object: Anything to which access is controlled (e.g. files, programs) Access right: The way in which an object is accessed by a subject (e.g. read, write, execute)

Data Access Control Access Control List: Decomposition of the matrix by columns

Data Access Control Access Control List An access control list, lists users and their permitted access right. The list may contain a default or public entry.

Data Access Control Capability list: Decomposition of the matrix by rows.

Data Access Control Capability list A capability ticket specifies authorized objects and operations for a user Each user have a number of tickets

The Concept of Trusted Systems Protection of data and resources on the basis of levels of security (e.g. military) Users can be granted clearances to access certain categories of data

The Concept of Trusted Systems Multilevel security Definition of multiple categories or levels of data A multilevel secure system must enforce: No read up: A subject can only read an object of less or equal security level (Simple Security Property) No write down: A subject can only write into an object of greater or equal security level.

The Concept of Trusted Systems Reference Monitor Concept: Multilevel security for a data processing system

The Concept of Trusted Systems Reference Monitor Controlling element in the hardware and operating system of a computer that regulates the access of subjects to objects on basis of security parameters The monitor has access to a file (security kernel database) The monitor enforces the security rules (no read up, no write down)

The Concept of Trusted Systems Properties of the Reference Monitor Complete mediation: Security rules are enforced on every access Isolation: The reference monitor and database are protected from unauthorized modification Verifiability: The reference monitor’s correctness must be provable (mathematically)

The Concept of Trusted Systems A system that can provide such verifications (properties) is referred to as a trusted system

Trojan Horse Defense Secure, trusted operating systems are one way to secure against Trojan Horse attacks

END SLIDE SHOW L: Rania Tabeidi

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.