Toward A Mathematical Model of Computer Security. Gina Duncanson, Kevin Jonas, Ben Lange, John Loff-Peterson, Ben Neigebauer.

Introduction: Computer security issues are a part of our daily life. This talk models a secure computer system.

Scope: Define a secure system; use a practical example; state the Unwinding Theorem.

Modeling a Computer System: A system M consists of: a set S of states, with an initial state s₀ ∈ S; a set D of domains; a set A of actions; a set O of outputs.

And Now...

Practical Example: Today I will be talking about how one can apply the model of security explained in the paper we researched.

Defining M: A World Wide Web site consists of three basic components: –Web server –TCP/IP connection –Web browser client

Defining S: A web server always has a finite set of states. Generally a server travels through a cycle of states. s₀ is the wait state of the web server.

Defining D: A domain is a defined section of a system. All the actions of a system occur within specified domains. This means that we can talk about actions as they relate to a client's or a web server's computer.

Defining A: An action is similar to a verb. Two example actions: –A client inserting a URL –A server processing one code statement

Defining O: Outputs are the immediate result of an action. When looking at a web site, an output is: –A web server sending back a confirmation message that it exists –The result of one code statement

Putting it all together: In order for all of these events to fit together, there are several dependencies between S, D, A and O.

Modeling a Computer System: A system M also has a function step: S × A → S, where step(sₙ, a) denotes the next state of the system after applying action a in state sₙ.

Modeling a Computer System: A system M also has a function output: S × A → O, where output(s, a) denotes the result returned by action a in state s. Example: a "write" command to a file.

Modeling a Computer System: A system M also has a function run: S × A* → S, which applies a sequence of actions in turn. Example: run(s, Λ) = s, where Λ is the empty sequence of actions.

Terminology: States use the letters s, t. Actions use the letters a, b. Sequences of actions use the Greek letters α, β. Domains use the letters u, v, w.

Communication: Two domains u, v communicate if there is an information flow channel between them.

Definition: A security policy is a set of rules defining which domains may communicate. It is specified by a reflexive relation ⇝ ("interferes with") on the set of domains D.

Definition: A system is secure if the given security policy of the system completely defines all possible communication channels.

Security: Two assumptions: –a set of security domains {u, v} –a policy that restricts the allowable flow of information among those domains

And Now...

Noninterference: The idea of noninterference is really rather simple: a security domain u is non-interfering with domain v if no action performed by u can influence subsequent outputs seen by v.

Intransitive Noninterference: Let u not see v, but let u see x and x see v, where u, v and x are domains. This is an example of intransitive noninterference. In short, intransitive noninterference means there is no direct communication between u and v.

Intransitive Noninterference

And Now...

Definition: purge. purge(α, v) keeps an action a of the sequence α if dom(a) interferes with v, and drops it otherwise.

Security: Security is identified by:

Restating the Expressions

Security: Security is now identified by:

View-partitioned; equivalence relation; output consistent.

And Now...

Test and Do: test and do are abbreviations of frequently used expressions. In terms of them, we say that a system is secure for the policy.
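Written out as an added reference, not reproduced from the slides, here are the definitions from the cited Rushby paper that the purge, test and do slides abbreviate, using the slides' own symbols s₀, α, a, v, dom and ⇝ (Λ is the empty sequence, ∘ prepends an action to a sequence):

$$
\begin{aligned}
\mathrm{purge}(\Lambda, v) &= \Lambda \\
\mathrm{purge}(a \circ \alpha, v) &=
\begin{cases}
a \circ \mathrm{purge}(\alpha, v) & \text{if } \mathrm{dom}(a) \rightsquigarrow v \\
\mathrm{purge}(\alpha, v) & \text{otherwise}
\end{cases} \\
\mathrm{do}(\alpha) &= \mathrm{run}(s_0, \alpha) \\
\mathrm{test}(\alpha, a) &= \mathrm{output}(\mathrm{do}(\alpha), a) \\
M \text{ is secure for } \rightsquigarrow &\iff \forall \alpha, a:\ \mathrm{test}(\alpha, a) = \mathrm{test}(\mathrm{purge}(\alpha, \mathrm{dom}(a)), a)
\end{aligned}
$$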

Output Consistency: A system M is view-partitioned if, for each domain u, there is an equivalence relation on S (states s and t related by it present the same view to u). These equivalence relations are output consistent if, whenever s and t are equivalent in the view of dom(a), executing action a in s and in t gives the same output.

Views: For an output consistent system, security is achieved if "views" are unaffected. Let ⇝ be a policy and M a view-partitioned, output consistent system such that, for every domain u and every sequence α, running α from s₀ reaches a state equivalent in u's view to the one reached by running the purged version purge(α, u). This means that performing the sequence α is equivalent, in every view, to executing its purged version. Then M is secure for ⇝.

Views: Proof: Setting u = dom(a) in the statement of the lemma gives that the state reached by α and the state reached by purge(α, dom(a)) are equivalent in the view of dom(a). Taking these two states as s and t, output consistency provides that action a returns the same output in both.

Views: But this is simply the statement that the output of a after α equals the output of a after purge(α, dom(a)), which is the definition of security for ⇝ listed before.

Unwinding Theorem: Why is the unwinding theorem important? It provides a basis for practical methods of verifying systems that enforce noninterference policies, and it serves to relate noninterference policies to access control mechanisms.

Unwinding Theorem: What is the Unwinding Theorem? It is hard to work with sequences of actions. The unwinding theorem states that if the security conditions hold for each single action, then the policy holds for every sequence of actions.

Unwinding Theorem, more formally: Let ⇝ be a policy and M a view-partitioned system that is: output consistent; step consistent; locally respects ⇝. Then M is secure for ⇝.
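As an added example (not from the slides or from Rushby's paper), the model above on a constructed two-domain system: `is_secure` brute-forces the purge-based security definition from the Test and Do slide over all bounded action sequences, and `unwinding_conditions` checks the three per-action conditions of the Unwinding Theorem. The state space, actions, policy and view partition are all assumptions of this example; the `leaky` flag switches in a variant whose low-domain read observes the high value, so both checks fail for it.

```python
from itertools import product

# Constructed toy system: a state is a pair (h, l) held by a high domain "H"
# and a low domain "L"; s0 = (0, 0). Policy: L ~> H allowed, H ~> L not allowed.
DOMAINS = ("H", "L")
ACTIONS = {"h_write": "H", "l_write": "L", "l_read": "L"}  # action -> dom(a)
INTERFERES = {("H", "H"), ("L", "L"), ("L", "H")}  # pairs (u, v) with u ~> v
S0 = (0, 0)

def step(s, a):
    h, l = s
    return {"h_write": (1, l), "l_write": (h, 1), "l_read": (h, l)}[a]

def output(s, a, leaky=False):
    h, l = s
    if a == "l_read":
        return h if leaky else l  # leaky variant lets L observe H's value
    return "ok"

def run(s, alpha):
    for a in alpha:
        s = step(s, a)
    return s

def purge(alpha, v):
    return tuple(a for a in alpha if (ACTIONS[a], v) in INTERFERES)  # keep a iff dom(a) ~> v

def is_secure(leaky=False, depth=3):
    """Check output(run(s0, alpha), a) == output(run(s0, purge(alpha, dom(a))), a)
    for every action a and every sequence alpha of length <= depth."""
    for n in range(depth + 1):
        for alpha in product(ACTIONS, repeat=n):
            for a in ACTIONS:
                lhs = output(run(S0, alpha), a, leaky)
                rhs = output(run(S0, purge(alpha, ACTIONS[a])), a, leaky)
                if lhs != rhs:
                    return False
    return True

def view(u, s):
    """Constructed view partition: each domain sees only its own component."""
    return s[0] if u == "H" else s[1]

def unwinding_conditions(leaky=False):
    """Return (output consistent, step consistent, locally respects ~>) over all states."""
    states = [(h, l) for h in (0, 1) for l in (0, 1)]
    same = lambda u, s, t: view(u, s) == view(u, t)  # s and t equivalent in u's view
    output_consistent = all(output(s, a, leaky) == output(t, a, leaky)
        for s in states for t in states for a in ACTIONS if same(ACTIONS[a], s, t))
    step_consistent = all(same(u, step(s, a), step(t, a))
        for u in DOMAINS for s in states for t in states for a in ACTIONS if same(u, s, t))
    locally_respects = all(same(u, s, step(s, a))
        for u in DOMAINS for s in states for a in ACTIONS if (ACTIONS[a], u) not in INTERFERES)
    return output_consistent, step_consistent, locally_respects
```

For the leaky variant only output consistency fails, which is exactly the condition that ties views to what each domain can observe.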

Questions: Any questions?

References: John Rushby, "Noninterference, Transitivity, and Channel-Control Security Policies". Auerbach, Kerbel, Megraw, Osburn and Shetty (mentor: John Hoffman), "Problems in Computer Security".

Thank you, Dr. Steve Decklemen.