Software Security II Karl Lieberherr. What is Security Enforcing a policy that describes rules for accessing resources. Policy may be explicit or implicit.
Software Security II Karl Lieberherr

What is Security Enforcing a policy that describes rules for accessing resources. Policy may be explicit or implicit. Better to use explicit policy.

Security Goals Authentication –Who is it that is trying to do something to what we want to protect? –URL authentication: is yourFriendlyBank.com really a friendly bank?

Security Criteria SALTZER, J. H., AND SCHROEDER, M. D. The protection of information in computer systems. Proceedings of the IEEE 63, 9 (Sept. 1975),

Security Criteria derived from Saltzer/Schroeder
–Economy of mechanism: Designs which are smaller and simpler are easier to inspect and trust.
–Fail-safe defaults: By default, access should be denied unless it is explicitly granted.
–Complete mediation: Every access to every object should be checked.
–Least privilege: Every program should operate with the minimum set of privileges necessary to do its job. This prevents accidental mistakes from becoming security problems.

Security Criteria derived from Saltzer/Schroeder
–Least common mechanism: Anything which is shared among different programs can be a path for communication and a potential security hole, so as little data as possible should be shared. (LoD)
–Accountability: The system should be able to accurately record "who" is responsible for using a particular privilege.
–Psychological acceptability: The system should not place an undue burden on its users.

Security criteria
–Performance: We must consider how our designs constrain system performance. Security checks which must be performed at run-time will have performance costs.
–Compatibility: We must consider the number and depth of changes necessary to integrate the security system with the existing Java virtual machine and standard libraries. Some changes may be impractical.
–Remote calls: If the security system can be extended cleanly to remote method invocation, that would be a benefit for building secure, distributed systems.

A Logical Framework for Reasoning about Access Control Elisa Bertino

Logical framework Models –Role-based access control Reduction to C-Datalog

Basic components Subjects –User –Process: execution of a program on behalf of user –Group: partial order –Role: partial order

Basic components Objects –Resources to be protected: partial order (has-a relationships) Privileges –Access modes subjects can exercise on objects. –Partial order expressing strength between privileges

Basic components Sessions –An instance of a connection of a user to a system. Authorization rules –Exploit subjects, objects, privileges and session attributes. Positive and negative.

Basic components Constraint rules –Cannot be violated by components of the system. Static –Without taking into account the execution state Dynamic –Taking into account the execution state

Formal Representation C-Datalog Object-oriented extension of Datalog

Brief introduction to C-Datalog C-Datalog data model –Class and relation names –Class Schema –Inheritance –Object identifiers –Instances

Security Policies Sigma: set of access events. A policy is a set P subset Sigma* of finite sequences of access events. prefix(w) = set of all prefixes of w = {u in Sigma* s.t. there is a v in Sigma* with uv = w}. A policy is prefix closed: for all w in Sigma*: if w in P then prefix(w) subset P.

Security Automaton Need to implement a security automaton (SA): Sigma (access events), Q (states), q0 (initial state), delta (transition function), delta: Q x Sigma -> Q (partial). An access event sequence is accepted by an SA if a transition is defined for every event in the sequence.

Expressiveness The class of prefix closed security policies coincides with the set of security policies accepted by a security automaton.

Chinese Wall Policy Avoid conflicts that may arise due to the unchecked flow of information across data sets belonging to competing parties.
–O: set of data objects
–S: set of subjects
–G: set of data sets
–T: set of conflict of interest classes

Chinese Wall Policy Assign group(o) in G to every object o in O. Assign type(g) in T to each data set g in G. A subject s may access a data object o only if one of the following holds:
–s has already accessed another object o’ with group(o) = group(o’)
–For every object o’ that s has accessed: type(group(o)) != type(group(o’))

Chinese Wall Policy
–Conflict set 1, oil companies: Oil company A (one group: A1, A2, …), Oil company B (another group: B1, B2, …)
–Conflict set 2, banks: Bank UBS (one group: UBS1, UBS2, …)
–(u, A1) ok; (u, A2) ok (same group); (u, UBS1) ok (different group and different type); (u, B1) NOT OK (different group and same type)
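The security automaton from the earlier slides, instantiated with this Chinese Wall example, as an added Python illustration that is not part of the slides; the class and function names, the GROUP/TYPE labelling and the subject names are my own constructions.

```python
from typing import Callable, Iterable, Optional

class SecurityAutomaton:
    """SA = (Sigma, Q, q0, delta) with a partial delta: returning None means
    no transition is defined and the event is rejected. Rejection is final
    for every extension of the sequence, which is why the accepted policy is
    prefix closed."""
    def __init__(self, q0, delta: Callable):
        self.q0, self.delta = q0, delta

    def accepts(self, events: Iterable) -> bool:
        return self.first_violation(events) is None

    def first_violation(self, events: Iterable) -> Optional[tuple]:
        """Run the automaton; return the first event with no transition."""
        q = self.q0
        for e in events:
            q = self.delta(q, e)
            if q is None:
                return e
        return None

# Constructed labelling for the slide's example (not from the slides):
# oil companies A and B form one conflict-of-interest class, bank UBS another.
GROUP = {"A1": "A", "A2": "A", "B1": "B", "B2": "B", "UBS1": "UBS", "UBS2": "UBS"}
TYPE = {"A": "oil", "B": "oil", "UBS": "bank"}

def chinese_wall_step(state: dict, event: tuple) -> Optional[dict]:
    """delta for the Chinese Wall policy. State maps each subject to the set
    of groups it has accessed; event is (subject, object). Access is allowed
    iff group(o) was already accessed by s, or every group s has accessed
    has a different type (conflict class) from group(o)."""
    subject, obj = event
    accessed = state.get(subject, frozenset())
    g = GROUP[obj]
    same_group = g in accessed
    no_conflict = all(TYPE[g] != TYPE[g2] for g2 in accessed)
    if not (same_group or no_conflict):
        return None                      # access denied: transition undefined
    new_state = dict(state)              # keep states immutable
    new_state[subject] = accessed | {g}
    return new_state

CHINESE_WALL = SecurityAutomaton({}, chinese_wall_step)

def prefix_closed_on(events: Iterable) -> bool:
    """Every prefix of an accepted sequence is itself accepted."""
    events = list(events)
    return all(CHINESE_WALL.accepts(events[:i]) for i in range(len(events) + 1))
```

Running the slide's sequence (u, A1), (u, A2), (u, UBS1), (u, B1) through CHINESE_WALL.first_violation returns (u, B1), while a different subject v is free to access B1.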

Implement AspectJ

Extra slides

Java Security at IBM Research (Larry Koved: manager) Automating Security Analysis of Java Components and Programs –Invocation graphs

LoD and Security Can execute software only if secret is known. Secret consists of set of keys, one per class. What is security policy? Each object only gets keys of its authenticated friends (who share the same concerns???). What are the benefits of such a security policy? Compartmentalize?

LoD and security