Title ON FOUR DEFINITIONS OF DATA INTEGRITY Ravi Sandhu George Mason University FIVE.

Slides:

Advertisements

Similar presentations

Cyber-Identity, Authority and Trust in an Uncertain World

Advertisements

© 2004 Ravi Sandhu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.

Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA.

George Mason University

INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.

ACCESS-CONTROL MODELS

1 TRANSACTION CONTROL EXPRESSIONS (TCEs) Ravi Sandhu.

ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.

Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.

TOPIC CLARK-WILSON MODEL Ravi Sandhu.

© 2004 Ravi Sandhu The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM) Ravi Sandhu Laboratory for Information Security Technology.

ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.

© 2005 Ravi Sandhu Permissions and Inheritance (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.

1 Air Traffic Quality Assurance Program The Federal Aviation Administration Presented By: Gary D. Romero.

MULTIPLYING MONOMIALS TIMES POLYNOMIALS (DISTRIBUTIVE PROPERTY)

SUBTRACTING INTEGERS 1. CHANGE THE SUBTRACTION SIGN TO ADDITION

MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

CSC 405 Introduction to Computer Security

EMS Checklist (ISO model)

1 Dr. Ashraf El-Farghly SECC. 2 Level 3 focus on the organization - Best practices are gathered across the organization. - Processes are tailored depending.

Project Scope Management

Checking & Corrective Action

Lecture plan Outline of DB design process Entity-relationship model

Lecture 8: Testing, Verification and Validation

Addition 1’s to 20.

Test B, 100 Subtraction Facts

Security Models and Architecture

Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

Verifiable Security Goals

1 Clark Wilson Implementation Shilpa Venkataramana.

1 Integrity Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 22, 2004.

Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

Applied Cryptography for Network Security

CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.

Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

Mandatory Security Policies CS461/ECE422 Spring 2012.

Slide #6-1 Integrity Policies CS461/ECE422 – Computer Security I Fall 2009 Based on slides provided by Matt Bishop for use with Computer Security: Art.

Session 2 - Security Models and Architecture. 2 Overview Basic concepts The Models –Bell-LaPadula (BLP) –Biba –Clark-Wilson –Chinese Wall Systems Evaluation.

Security Architecture and Design Chapter 4 Part 3 Pages 357 to 377.

Dr. Bhavani Thuraisingham Cyber Security Lecture for July 2, 2010 Security Architecture and Design.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

Lattice-Based Access Control Models Ravi S. Sandhu Colorado State University CS 681 Spring 2005 John Tesch.

Chapter 5 Network Security

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester

CS426Fall 2010/Lecture 251 Computer Security CS 426 Lecture 25 Integrity Protection: Biba, Clark Wilson, and Chinese Wall.

Trusted OS Design and Evaluation CS432 - Security in Computing Copyright © 2005, 2010 by Scott Orr and the Trustees of Indiana University.

UT DALLAS Erik Jonsson School of Engineering & Computer Science FEARLESS engineering Integrity Policies Murat Kantarcioglu.

12/4/20151 Computer Security Security models – an overview.

Security Architecture and Design: Part II

A security policy defines what needs to be done. A security mechanism defines how to do it. All passwords must be updated on a regular basis and every.

Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.

Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model.

PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.

1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.

6/22/20161 Computer Security Integrity Policies. 6/22/20162 Integrity Policies Commercial requirement differ from military requirements: the emphasis.

CS526Topic 19: Integrity Models1 Information Security CS 526 Topic 19: Integrity Protection Models.

TOPIC: Web Security Models

Verifiable Security Goals

Chapter 6 Integrity Policies

Chapter 5: Confidentiality Policies

Dr. Bhavani Thuraisingham Cyber Security Lecture for July 2, 2010 Security Architecture and Design.

Chapter 6: Integrity Policies

Computer Security Integrity Policies

Cryptography and Network Security

Presentation transcript:

Title ON FOUR DEFINITIONS OF DATA INTEGRITY Ravi Sandhu George Mason University FIVE

2 OBJECTIVE Reconcile 5 definitions of data integrity Scope is limited to data integrity as opposed to system integrity None of the definitions is wrong or right

3 THE FIVE DEFINITIONS 1.CourtneyExpectation of data quality 2.Sandhu-JajodiaSafeguards against improper data modification 3.ITSEC, CTCPECSafeguards against unauthorized data modification 4.Biba (or BLP)Ensure one directional information flow in a lattice 5.Network arenaSafeguards against message modification more general less general

4 THE FIVE DEFINITIONS 1.Expectation of data quality 2.Improper data modification 3.Unauthorized data modification 4.One directional information flow 5.No modification Liveness and Safety Safety Only OBJECTIVES

5 THE FIVE DEFINITIONS 1.Expectation of data quality 2.Improper data modification 3.Unauthorized data modification 4.One directional information flow 5.No modification External actions of users + Internal actions of the TCB ENFORCEMENT IS PRIMARILY BY Internal actions of the TCB

6 THE FIVE DEFINITIONS 1.Expectation of data quality 2.Improper data modification 3.Unauthorized data modification 4.One directional information flow 5.No modification Must be articulated by the System Owners POLICY Is built in

7 THE FIVE DEFINITIONS 1.Expectation of data quality 2.Improper data modification 3.Unauthorized data modification 4.One directional information flow 5.No modification Prevention + Detection ENFORCEMENT MECHANISMS Detection

8 THE DATA QUALITY DEFINITION Integrity -- The property that data, an information process, computer equipment, and/or software, people, etc., or any collection of these entities, meet an a priori expectation of quality that is satisfactory and adequate in some specific circumstance. Bob Courtney NIST Invitational Workshop on Data Integrity, 1989

9 THERMOSTAT MODEL

10 BINARY OR GRADED? Binary view: Data has integrity if its actual state differs from the ideal state by less than the tolerable limits of deviation Graded view: Data has integrity in inverse relationship to the extent that its actual state differs from the ideal state IN OTHER WORDS THIS IS A NON-ISSUE

11 CLARK-WILSON MODEL TPs CDIs USERS UDIs IVPs Internal and external consistency of CDIs

12 CLARK-WILSON RULES C1IVPs validate CDI state C2TPs preserve valid state C3Suitable (static) separation of duties C4TPs write to log C5TPs validate UDIs E1CDIs changed only by authorized TP E2Users authorized to TP and CDI E3Users are authenticated E4Authorizations changed only by security officer

13 CLARK-WILSON MODEL Concerned with improper modification of data Does not address liveness, except to require that integrity verification procedures verify correspondence of data to external reality It is one approach to –meeting the improper data modification aspects of data integrity –with a small liveness attachment

14 TYPE ENFORCEMENT (Boebert and Kain) Type enforcement can be used to implement a number of mechanisms related to improper modification of data –well-formed transformation procedures –data encapsulation –separation of duties –assured pipelines Type enforcement does not directly support liveness requirements

15 OTHER ACCESS CONTROL MODELS HRU, TAM, SPM –can be used to implement a number of mechanisms related to improper modification of data –do not directly support liveness requirements

16 DRAFT FEDERAL CRITERIA Integrity - Correctness and appropriateness of the content and/or source of a piece of information. The Courtney and Federal Criteria definitions are close enough that they can be reconciled fairly easily Courtney's definition is more general, because it is phrased in terms of data quality, which is a more general notion than the specific attributes of correctness and appropriateness

17 DOES INTEGRITY SUBSUME SECRECY? Top Secret Contents Label: Secret By Courtney and Federal Criteria definitions this is an integrity violation (if we expect labels to be correct)

18 HOMEWORK ASSIGNMENT Unclassified Contents Label: Secret Is this an integrity violation?

19 PANELISTS John Dobson Carl Landwehr LouAnna Notargiacomo Marv Schaefer