Confidentiality Policies and Integrity Policies by Stefanie Wilcox.


Confidentiality Policies

- Prevent the unauthorized disclosure of information
- Unauthorized alteration of information
- The Bell-LaPadula Model

The Bell-LaPadula Model

- Military-style classifications
- Security Classifications
- Security Clearances

Security level   Subjects (clearance)   Objects (classification)
TOP SECRET       Tamara, Thomas         Personnel Files
SECRET           Sally, Samuel          Files
CONFIDENTIAL     Claire, Clarence       Activity Log File
UNCLASSIFIED     Ulaley, Ursula         Telephone List File

The Bell-LaPadula Model

- Simple Security Condition: S (subject) can read O (object) if and only if $l_o \le l_s$ and S has read access to O.
- *-Property: S can write to O if and only if $l_s \le l_o$ and S has write access to O.
- Basic Security Theorem: A system is secure if all transformations satisfy both.

The Bell-LaPadula Model

Security level   Subjects (clearance)   Objects (classification)
TOP SECRET       Tamara, Thomas         Personnel Files
SECRET           Sally, Samuel          Files
CONFIDENTIAL     Claire, Clarence       Activity Log File
UNCLASSIFIED     Ulaley, Ursula         Telephone List File
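
The simple security condition, the *-property and the secure-state check can be written as a small reference monitor over the clearances and classifications from the table. This is an added example, not part of the original slides; the discretionary access matrix `ACL` and the function names are constructed for illustration, and only objects named in full on the slides are used.

```python
from enum import IntEnum

class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

# Clearances (subjects) and classifications (objects) from the slide table.
CLEARANCE = {
    "Tamara": Level.TOP_SECRET, "Thomas": Level.TOP_SECRET,
    "Sally": Level.SECRET, "Samuel": Level.SECRET,
    "Claire": Level.CONFIDENTIAL, "Clarence": Level.CONFIDENTIAL,
    "Ulaley": Level.UNCLASSIFIED, "Ursula": Level.UNCLASSIFIED,
}
CLASSIFICATION = {
    "Personnel Files": Level.TOP_SECRET,
    "Activity Log File": Level.CONFIDENTIAL,
    "Telephone List File": Level.UNCLASSIFIED,
}

# Constructed discretionary access matrix (assumption, not on the slides).
ACL = {
    ("Claire", "Activity Log File"): {"read", "write"},
    ("Claire", "Telephone List File"): {"read", "write"},
    ("Claire", "Personnel Files"): {"read", "write"},
    ("Tamara", "Activity Log File"): {"read", "write"},
    ("Ursula", "Activity Log File"): {"read"},
}

def allowed(subject, obj, mode):
    """Mandatory level check first, then the discretionary access check."""
    l_s, l_o = CLEARANCE[subject], CLASSIFICATION[obj]
    if mode == "read":
        mandatory = l_o <= l_s   # simple security condition: no read up
    elif mode == "write":
        mandatory = l_s <= l_o   # *-property: no write down
    else:
        raise ValueError(f"unknown access mode: {mode}")
    return mandatory and mode in ACL.get((subject, obj), set())

def is_secure(accesses):
    """A state is secure if every (subject, object, mode) in it passes both rules."""
    return all(allowed(s, o, m) for s, o, m in accesses)

def transition(state, request):
    """Grant a request only if it satisfies both rules; else keep the state."""
    return state | {request} if allowed(*request) else state
```

Note that Claire's discretionary entry for Personnel Files grants read, yet the mandatory check still denies it: the discretionary matrix can only narrow what the level comparison allows.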

The Bell-LaPadula Model

- Principle of Tranquility: Subjects and objects may not change their security levels once they have been instantiated.
- Declassification problem
- Trusted Entities
- Strong Tranquility/Weak Tranquility

Integrity Policies

- Commercial and industrial firms are more concerned with accuracy than disclosure.
- Goals:
  1) Users will not write their own programs, but will use existing production programs and databases.
  2) Programmers will develop and test programs on a nonproduction system: if they need access to actual data, they will be given production data via a special process, but will use it on their development system.
  3) A special process must be followed to install a program from the development system onto the production system.
  4) The special process in #3 must be controlled and audited.
  5) The managers and auditors must have access to both the system state and the system logs that are generated.

Integrity Policies

- Principles of Operation:
  - Separation of Duty
  - Separation of Function
  - Auditing

Integrity Policies

- Biba (1977) -- Integrity Model
- Low-Water Mark
- Ring Policy
- Strict Integrity Policy

HDI

- Formal Policy (Corporate)
- Informal (ERP software, Payroll)

Bibliography

- Bishop, Matt. Computer Security: Art and Science.
- Hanover Direct Inc. Corporate Information Systems Use Policy.