7/16/2015 3:58 AM Lecture 4: Bell LaPadula James Hook CS 591: Introduction to Computer Security.

Slides:



Advertisements
Similar presentations
Information Flow and Covert Channels November, 2006.
Advertisements

ISA 562 Information System Security
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Lecture 2 – Multilevel Security Security Computer Science Tripos part 2 Ross Anderson.
Lecture 1: Overview modified from slides of Lawrie Brown.
Access Control Intro, DAC and MAC System Security.
Part 1: Introducing User Interface Design Chapter 1: Introduction –Why the User Interface Matters –Computers are Ubiquitous –The Importance of Good User.
Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.
Chinese wall model in the internet Environment
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
6/20/2015 7:37 PM Lecture 5: Integrity Models James Hook CS 591: Introduction to Computer Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Robust Declassification Steve Zdancewic Andrew Myers Cornell University.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality.
1 Ivan Lanese Computer Science Department University of Bologna Italy Concurrent and located synchronizations in π-calculus.
CS 711 Fall 2002 Programming Languages Seminar Andrew Myers 2. Noninterference 4 Sept 2002.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
MT Computer Security - Models & Policies
User Domain Policies.
7/15/2015 5:04 PM Lecture 4: Bell LaPadula James Hook CS 591: Introduction to Computer Security.
ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.
Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.
Verification of Information Flow Properties in Cyber-Physical Systems Ravi Akella, Bruce McMillin Department of Computer Science Missouri University of.
1 Confidentiality Policies September 21, 2006 Lecture 4 IS 2150 / TEL 2810 Introduction to Security.
3/16/2004Biba Model1 Biba Integrity Model Presented by: Nathan Balon Ishraq Thabet.
Access Control Policies Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) 11 Coming up:
The Architecture of Secure Systems Jim Alves-Foss Laboratory for Applied Logic Department of Computer Science University of Idaho By, Nagaashwini Katta.
CS 425/625 Software Engineering Legacy Systems
1 Chapter 20: Firewalls Fourth Edition by William Stallings Lecture slides by Lawrie Brown(modified by Prof. M. Singhal, U of Kentucky)
Security Architecture and Design Chapter 4 Part 3 Pages 357 to 377.
Lattice-Based Access Control Models Ravi S. Sandhu Colorado State University CS 681 Spring 2005 John Tesch.
Chapter 1  Introduction 1 Chapter 1: Introduction.
CS 858 – Hot Topics in Computer and Communications Security Winter 2009 Introduction.
1 TOPIC SYSTEM Z Ravi Sandhu This lecture is primarily based on: John McLean, Roger R. Schell and Donald L. Brinkley, "Security Models." Encyclopedia of.
CS426Fall 2010/Lecture 251 Computer Security CS 426 Lecture 25 Integrity Protection: Biba, Clark Wilson, and Chinese Wall.
Confidentiality Policies and Integrity Policies by Stefanie Wilcox.
Slide #5-1 Confidentiality Policies CS461/ECE422 Computer Security I Fall 2010 Based on slides provided by Matt Bishop for use with Computer Security:
11/26/2015 9:14 AM Midterm Grading Comments James Hook CS 591: Introduction to Computer Security.
Access Control MAC. CSCE Farkas 2 Lecture 17 Reading assignments Required for access control classes:  Ravi Sandhu and P. Samarati, Access Control:
Lattice-based Access Control Models 2 Daniel Trivellato.
12/4/20151 Computer Security Security models – an overview.
Information Security CS 526 Topic 17
Online Submission and Management Information -- Authors AMS Annual Conference / AMS WMC Click on play to begin show.
1/15/20161 Computer Security Confidentiality Policies.
CS426Fall 2010/Lecture 211 Computer Security CS 426 Lecture 21 The Bell LaPadula Model.
Lecture 3 Page 1 CS 236 Online Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Dr. Jeff Teo Class 4 July 2, Deliverables Lecture on Trusted Computing: Evolution and Direction Review of students’ blogs and assignments Summarize.
Chapter 8: Principles of Security Models, Design, and Capabilities
Design and Implementation MAC in Security Operating System CAI Yi, ZHENG Zhi-rong, SHEN Chang-xiang Presented By, Venkateshwarlu Jangili. 1.
3/14/2016 8:37 PM Information Flow Epilog James Hook CS 591: Introduction to Computer Security.
Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.
TOPIC: Web Security Models
Outline Basic concepts in computer security
Principles of Information System Security: Text and Cases
Basic Security Theorem
Computer Security Confidentiality Policies
Information Security CS 526
Information Security CS 526 Topic 17
Advanced System Security
System state models.
OS Access Control Mauricio Sifontes.
Confidentiality Models
Information Security CS 526
Chapter 5: Confidentiality Policies
Computer Security Confidentiality Policies
Information Security CS 526
Chapter 4: Security Policies
Chapter 5: Confidentiality Policies
Advanced System Security
Presentation transcript:

7/16/2015 3:58 AM Lecture 4: Bell LaPadula James Hook CS 591: Introduction to Computer Security

7/16/2015 3:58 AM Objectives Introduce the Bell LaPadula framework for confidentiality policy Discuss realizations of Bell LaPadula

7/16/2015 3:58 AM Follow Bishop Presentation follows Bishop’s slides for Chapter 5Bishop’s

7/16/2015 3:58 AM Discussion When would you choose to apply a model this restrictive?

7/16/2015 3:58 AM Further Reading Ross Anderson’s Security Engineering, Chapter 7: Multilevel security –Standard Criticisms –Alternative formulations –Several more examples “Looking Back at the Bell - La Padula Model”, David Elliott Bell, Proceedings 21st Annual Computer Security Applications Conference, December, 2005 –

7/16/2015 3:58 AM Criticisms of Bell LaPadula BLP is straightforward, supports formal analysis Is it enough? McLean wrote a critical paper asserting BLP rules were insufficient

7/16/2015 3:58 AM McLean’s System Z Proposed System Z = BLP + (request for downgrade) User L gets file H by first requesting that H be downgraded to L and then doing a legal BLP read Proposed fix: tranquility –Strong: Labels never change during operation –Weak: Labels never change in a manner that would violate a defined policy

7/16/2015 3:58 AM Historical The BLP retrospective published in December is fascinating! What we know as BLP and “simple security” was the “trivial case” when labels didn’t change. Bell and La Padula expected to do a more dynamic policy

7/16/2015 3:58 AM Alternatives Goguen & Meseguer, 1982: Noninterference –Model computation as event systems –Interleaved or concurrent computation can produce interleaved traces –High actions have no effect on low actions The trace of a “low trace” of a system is the same for all “high processes” that are added to the mix –Problem: Needs deterministic traces; does not scale to distributed systems

7/16/2015 3:58 AM Nondeducibility Sutherland, –Low can not deduce anything about high with 100% certainty –Historically important, hopelessly weak –Addressed issue of nondeterminism in distributed systems

7/16/2015 3:58 AM Intranstitive non-interference Rushby, 1992 –Updates Goguen & Meseguer to deal with the reality that some communication may be authorized (e.g. High can interefere with low if it is mediated by crypto)

7/16/2015 3:58 AM Looking forward Chapter 6: Integrity Policies

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.