1 ISA 562 Internet Security Theory and Practice Midterm Exam Review.

Slides:



Advertisements
Similar presentations
ISA 562 Information System Security
Advertisements

1 Review for Exam 1 First Six Chapters of Bishop The nature of the exam: 4-5 questions Similar to the homework. Pseudo-code, modeling, etc.
1 1 -Access Control Foundational Results. 2 2 Preliminaries Undecidability The Halting Problem The Turing Machine.
I NFORMATION S ECURITY : C ONFIDENTIALITY P OLICIES (C HAPTER 4) Dr. Shahriar Bijani Shahed University.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula Model –General idea –Informal description of rules.
COEN 150: Intro to IA Authorization.
Access Control Intro, DAC and MAC System Security.
Chapter 7 Relations : the second time around
April 20, 2004ECS 235Slide #1 DG/UX System Provides mandatory access controls –MAC label identifies security level –Default labels, but can define others.
Verifiable Security Goals
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality.
Automata & Formal Languages, Feodor F. Dragan, Kent State University 1 CHAPTER 5 Reducibility Contents Undecidable Problems from Language Theory.
Sicurezza Informatica Prof. Stefano Bistarelli
1 FM and Security-Overview FM Formal Security Models Based on Slides prepared by A. Jones and Y. Lin. Material based on C. Landwehr paper.
User Domain Policies.
Mandatory Flow Control Bismita Srichandan. Outline Mandatory Flow Control Models Information Flow Control Lattice Model Multilevel Models –The Bell-LaPadula.
Dr. Kalpakis CMSC 621, Advanced Operating Systems. Fall 2003 URL: Security & Protection.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Lecture 5 September 27, 2007 Security Policies Confidentiality Policies.
Dr. Kalpakis CMSC 621, Advanced Operating Systems. Security & Protection.
Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.
MANDATORY FLOW CONTROL Xiao Chen Fall2009 CSc 8320.
CH14 – Protection / Security. Basics Potential Violations – Unauthorized release, modification, DoS External vs Internal Security Policy vs Mechanism.
ECE509 Cyber Security : Concept, Theory, and Practice Access Control Matrix Spring 2014.
1 Confidentiality Policies September 21, 2006 Lecture 4 IS 2150 / TEL 2810 Introduction to Security.
1 IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Lecture 6 Oct 2-9, 2013 Security Policies Confidentiality Policies.
© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.
Session 2 - Security Models and Architecture. 2 Overview Basic concepts The Models –Bell-LaPadula (BLP) –Biba –Clark-Wilson –Chinese Wall Systems Evaluation.
Lattice-Based Access Control Models Ravi S. Sandhu Colorado State University CS 681 Spring 2005 John Tesch.
Networking and Health Information Exchange Unit 9b Privacy, Confidentiality, and Security Issues and Standards.
Slide #2-1 Chapter 2: Access Control Matrix Overview Access Control Matrix Model Protection State Transitions –Commands –Conditional Commands.
Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.
Slide #3-1 Chapter 3: Foundational Results Overview Harrison-Ruzzo-Ullman result –Corollaries.
Slide #2-1 Access Control Matrix and Safety Results CS461/ECE422 Computer Security I, Fall 2009 Based on slides provided by Matt Bishop for use with Computer.
Slide #5-1 Confidentiality Policies CS461/ECE422 Computer Security I Fall 2010 Based on slides provided by Matt Bishop for use with Computer Security:
CMSC 414 Computer (and Network) Security Lecture 11 Jonathan Katz.
12/4/20151 Computer Security Security models – an overview.
Secure Operating Systems Lesson 4: Access Control.
Sets and Subsets Set A set is a collection of well-defined objects (elements/members). The elements of the set are said to belong to (or be contained in)
12/13/20151 Computer Security Security Policies...
1/15/20161 Computer Security Confidentiality Policies.
Access Control: Policies and Mechanisms Vinod Ganapathy.
Computer Security: Principles and Practice
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #5-1 Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula.
2/1/20161 Computer Security Foundational Results.
CS426Fall 2010/Lecture 211 Computer Security CS 426 Lecture 21 The Bell LaPadula Model.
IS 2150/TEL 2810: Introduction of Computer Security1 September 27, 2003 Introduction to Computer Security Lecture 4 Security Policies, Confidentiality.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Lecture 4 September 18, 2012 Access Control Model Foundational Results.
Certification of Programs for Secure Information Flow Dorothy & Peter Denning Communications of the ACM (CACM) 1977.
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 16 October 14, 2004.
Chapter 8: Principles of Security Models, Design, and Capabilities
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Lecture 3 September 13, 2007 Mathematical Review Security Policies.
22 feb What is Access Control? Access control is the heart of security Definitions: * The ability to allow only authorized users, programs or.
Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
Verifiable Security Goals
IS 2150 / TEL 2810 Introduction to Security
IS 2150 / TEL 2810 Introduction to Security
IS 2150 / TEL 2810 Introduction to Security
OS Access Control Mauricio Sifontes.
Confidentiality Models
Computer Security Foundations
Field.
Chapter 5: Confidentiality Policies
IS 2150 / TEL 2810 Information Security & Privacy
Background material.
Background material.
Presentation transcript:

1 ISA 562 Internet Security Theory and Practice Midterm Exam Review

2 Review for the Mid-term First five chapters + Cryptography The nature of the exam: 4-5 questions Similar to the homework May have some modeling, some policy, some descriptions

3 Review Chapter 1 + Transparency CIA of Information Security What they are Given a set of requirements, can we categorize them? Access control matrix Safe state Safe state written as a (pre-condition, post condition) pair of read, write and access operations Add/delete rights Add/delete subjects, objects and operations

4 Review Chapter 1 Continued … Mono Operational Commands Single operations like add “ make P the owner of file Q ” Written formally as make.owner(p,q) Conditional commands “ If p owns f, then let p give r rights to q ” How to write them formally Multiple conditions …

5 Review of Chapter 2: Foundations ACM, ACL and capabilities Turing machines Un-decidability HRU Result: Is there an algorithm, that given an initially safe state halts and say yes/no to the safety after granting a generic right r ? Method: Encode safety, granting rights etc as Turing machine instructions Special cases are decidable: Take-grant model

6 Review of Chapter 2: Foundations Capability based systems Lock and key model Lock=object, key=subject Object carries permissions = subject presents key to unlock object

7 Review of Chapter 3: Policies Formalization of security policy using precise policy languages DAC, MAC and RBAC Specification of DAC using subjects objects and access rights

8 Review: MAC Review and background Lattices Military systems and Denning ’ s Axioms Bell-LaPadula (BLP) Policy Step 1 – clearance/classification Step 2 – categories Example System – DG/UX Tranquility Controversy at a glance

9 Supremas and Infimas of POsets Definition: (A,<) is a POset and B  A Say that b 0  A is a Least upper bound (aka Supemum) of B iff (1) b 0 is an upper bound and (2) b 0 <b for all other upper bounds b of B B1, B2, B3 B4 B5 B6 b1,b2, b3 b0 Upper bounds Lower bounds c0 c2, c3, c4 The set B Say that c 0  A is a greatest lower bound (Infimum) iff (1) c 0 is an upper bound (2)c 0 <b for all other lower bounds c of B

10 Example Lattices – Power Set Lattice S = {a,b,c} 2 S = { ,{a},{b},{c},{a,b},{b,c},{a,c},{a,b,c} } Arrows mean  (informally, included by) Special case: Total order Partial order Special case: Lattice

11 Example Product Lattice Lattice 1 (arrow means  ) Lattice 2  Lattice 1 x,y  x ’,y ’ means y ’  y and x  x ’ Lattice 2 (arrow means  )

12 BLP Rules Simple Security Policy No Read up * Security Property No write down

13 Cryptography Major uses: Confidentiality Nonrepudiation Authentication Access Control The major types: Substitution Symmetric Asymmetric RSA Diffie Hellman

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.