CH14 – Protection / Security. Basics Potential Violations – Unauthorized release, modification, DoS External vs Internal Security Policy vs Mechanism.

Slides:

Advertisements

Similar presentations

ACCESS-CONTROL MODELS

Advertisements

1 Access Control. 2 Objects and Subjects A multi-user distributed computer system offers access to objects such as resources (memory, printers), data.

Information Flow and Covert Channels November, 2006.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Lecture 8 Access Control (cont)

Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

8.2 Discretionary Access Control Models Weiling Li.

Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula Model –General idea –Informal description of rules.

Database Management System

Security Fall 2009McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

19: Protection1 PROTECTION Protection is the mechanism for controlling access to computer resources. Security concerns the physical integrity of the system.

Security Fall 2006McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

Sicurezza Informatica Prof. Stefano Bistarelli

1 FM and Security-Overview FM Formal Security Models Based on Slides prepared by A. Jones and Y. Lin. Material based on C. Landwehr paper.

User Domain Policies.

Mandatory Flow Control Bismita Srichandan. Outline Mandatory Flow Control Models Information Flow Control Lattice Model Multilevel Models –The Bell-LaPadula.

Distributed Computer Security 8.2 Discretionary Access Control Models - Liang Zhao.

Lecture 7 Access Control

Dr. Kalpakis CMSC 621, Advanced Operating Systems. Fall 2003 URL: Security & Protection.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CS-550 (M.Soneru): Protection and Security - 2 [SaS] 1 Protection and Security - 2.

1 IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Lecture 5 September 27, 2007 Security Policies Confidentiality Policies.

Dr. Kalpakis CMSC 621, Advanced Operating Systems. Security & Protection.

MANDATORY FLOW CONTROL Xiao Chen Fall2009 CSc 8320.

1 Confidentiality Policies September 21, 2006 Lecture 4 IS 2150 / TEL 2810 Introduction to Security.

1 IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Lecture 6 Oct 2-9, 2013 Security Policies Confidentiality Policies.

© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.

Next-generation databases Active databases: when a particular event occurs and given conditions are satisfied then some actions are executed. An active.

Lattice-Based Access Control Models Ravi S. Sandhu Colorado State University CS 681 Spring 2005 John Tesch.

Chapter 5 Network Security

Li Xiong CS573 Data Privacy and Security Access Control.

12/4/20151 Computer Security Security models – an overview.

Information Security CS 526 Topic 17

COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:

A Lattice Model of Secure Information Flow By Dorothy E. Denning Presented by Drayton Benner March 22, 2000.

1/15/20161 Computer Security Confidentiality Policies.

Access Control: Policies and Mechanisms Vinod Ganapathy.

Computer Security: Principles and Practice

Protection & Security Greg Bilodeau CS 5204 October 13, 2009.

CS426Fall 2010/Lecture 211 Computer Security CS 426 Lecture 21 The Bell LaPadula Model.

Security Models Xinming Ou. Security Policy vs. Security Goals In a mandatory access control system, the system defines security policy to achieve security.

Computer Science and Engineering Computer System Security CSE 5339/7339 Session 16 October 14, 2004.

CSE Operating System Principles Protection.

Database Security. Introduction to Database Security Issues (1) Threats to databases Loss of integrity Loss of availability Loss of confidentiality To.

Database Security Database System Implementation CSE 507 Some slides adapted from Navathe et. Al.

Access Controls Mandatory Access Control by Sean Dalton December 5 th 2008.

Database System Implementation CSE 507

Access Control Model SAM-5.

Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé

Verifiable Security Goals

Operating Systems Protection Alok Kumar Jagadev.

Chapter 14: Protection Modified by Dr. Neerja Mhaskar for CS 3SH3.

Chapter 14: System Protection

2. Access Control Matrix Introduction to Computer Security © 2004 Matt Bishop 9/21/2018.

Operating Systems Security

Computer Security Confidentiality Policies

Advanced System Security

System state models.

OS Access Control Mauricio Sifontes.

Confidentiality Models

Guest Lecture in Acc 661 (Spring 2007) Instructor: Christopher Brown)

An information flow model FM is defined by

Computer Security Access Control

Computer Security Confidentiality Policies

IS 2150 / TEL 2810 Information Security & Privacy

A Survey of Formal Models for Computer Security

Advanced System Security

Presentation transcript:

CH14 – Protection / Security

Basics Potential Violations – Unauthorized release, modification, DoS External vs Internal Security Policy vs Mechanism –Security vs Protection Protection domain (of a subject) – resources it can access, permissible operations. Design Principles – economy, complete mediation, open design, separation of priviledges, least priviledge, least common mechanisms, acceptable, failsafe

Access Matrix Objects – entities to which access needs to be controlled (columns) Subjects – entities which access the objects (rows) Generic rights subjects have on objects Protection State is a triplet (S,O, Protection Matrix) Implementation Issues – sparsity of matrix

Access Control Lists Columnwise enumeration of (subject, rights) Requires search for subject, thus slowing access –Use of “shadow” registers Revocation is easy, as is review of access Storage can be further reduced by considering protection groups Modifying the ACL – self vs hierarchical

Capabilities Row-wise enumeration of (object, rights) Object can be specified as an address, with addressing via a table –Relocatability, sharing across programs Prevent the subject from tampering –Tagged, partitioned, encrypted Efficient, simple, flexible Problems – propagation control, review, revocation, garbage collection

Hybrid methods Lock and Key approach –Every subject has capability list indicating object and a “key” –Every object has ACL containing access modes and the lock guarding them –Rights guarded by a lock are granted to a subject whose key “opens” the lock –Revocation is easy – delete lock

Safety in Access Matrix Protection state can be changed via well understood finite set of commands e.g. create/delete subject/object, add right, delete right etc. These commands are guarded These operations themselves are “rights” to be protected

Safety notions A “safe” systems does not permit subject to get rights on object without consent of owner – impossible ? Weaker condition – can an action lead to leakage of access rights (even this is undecidable) A commands leaks a right if it can enter the right into a cell which did not contain it

“Advanced” Protection Models Take Grant model – describes protection state as graph. –S, O are nodes, edge label x denotes rights. –Special rights take and grant –Protection problem is still to see if graph can be taken to state where an edge with a desired label is added – undecidable in general, linear for particular restrictions

Bell LaPadua model Deals with information flow –S,O and security levels, each S has clearance, each O has classification. Each S also has “current clearance” –Access rights are RO, RW, Append, Execute. Owner has “control attribute” which allows it to pass above 4 rights (but not the CA). –Simple Security: S cannot read O whose classification is higher than S’s clearance

Bell Lapadua model The Star Property –S has Append access only to those O whose classification is higher or equal to its clearance –S has R access only to those O whose classification is lower or equal to its clearance –S has RW access only to those O whose classification is equal to its clearance

Bell Lapadula – State Transitions Stae of the protection system can be changed by well defined operations –get access, release access, give access, rescind access, create object, delete object, change security level Changes are protected by rules/conditions Can be restrictive, static

Lattice Model Consists of subjects, objects and security classes The relation  defines permissible information flow amongst classes –information can flow between objects if it is permissible amongst the classes they belong too. –The relation is reflexive (flow can happen amongst objects in the same class), antisymmetric (if c1  c2, then c2 \  c1), transitive (c1  c2 and c2  c3 => c1  c3)

More lattice model An information flow policy (SC,  ) forms a lattice if it is partially ordered and least upper bound and greatest lower bound exist on set of security classes –Bell Lapadula can be thought of as a linear lattice –Example of Dennig’s nonlinear Lattice with 3 properties

Military Model Four categories – unclassified, confidential, secret, top secret. These are rank ordered. Many “compartments” Class or clearance is the tuple (rank, compartment) A subject dominates an object if its rank is GEQ and it has permissions on all compartments of the object. Example with 2 ranks and compartments