CSC 382: Computer SecuritySlide #1 CSC 382: Computer Security Security Policies.

Slides:



Advertisements
Similar presentations
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
Advertisements

JENNIS SHRESTHA CSC 345 April 22, Contents Introduction History Flux Advanced Security Kernel Mandatory Access Control Policies MAC Vs DAC Features.
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Access Control Chapter 3 Part 3 Pages 209 to 227.
Access Control Methodologies
Access Control Patterns Fatemeh Imani Mehr Amirkabir university of technology, Department of Computer Engineering & Information Technology.
Database Management System
Access Control Intro, DAC and MAC System Security.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Policies.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they.
1 Flexible Mandatory Access Control (MAC) in Modern Operating Systems Jeffrey H. Jewell CS 591 December 7, 2009 Jeffrey H. Jewell CS 591 December 7, 2009.
June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they.
1 Security Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 15, 2004.
Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
CMSC 414 Computer (and Network) Security Lecture 10 Jonathan Katz.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
I NFORMATION S ECURITY : S ECURITY P OLICIES (C HAPTER 4) Dr. Shahriar Bijani Shahed University.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Computer Security An overview of terms and key concepts.
Security Policy Models CSC 482/582: Computer Security.
Security Policy What is a security policy? –Defines what it means for a system to be secure Formally: Partition system into –Secure (authorized) states.
3/16/2004Biba Model1 Biba Integrity Model Presented by: Nathan Balon Ishraq Thabet.
FOSS Security through SELinux (Security Enhanced Linux) M.B.G. Suranga De Silva Information Security Specialist TECHCERT c/o Department of Computer Science.
Session 2 - Security Models and Architecture. 2 Overview Basic concepts The Models –Bell-LaPadula (BLP) –Biba –Clark-Wilson –Chinese Wall Systems Evaluation.
Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they cover –Policy languages The nature of mechanisms –Types Underlying both.
CSC 382: Computer SecuritySlide #1 CSC 382: Computer Security Identity.
Access Control. What is Access Control? The ability to allow only authorized users, programs or processes system or resource access The ability to disallow.
12/13/20151 Computer Security Security Policies...
Security Policies CS461/ECE422 Computer Security I Spring 2010.
COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:
Trusted Operating Systems
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
SCSC 455 Computer Security Chapter 3 User Security.
Access Control: Policies and Mechanisms Vinod Ganapathy.
Privilege Management Chapter 22.
Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University
Csci5233 computer security & integrity 1 Security Policies.
Michael Tinker September 16, 2004
IS 2150/TEL 2810: Introduction of Computer Security1 September 27, 2003 Introduction to Computer Security Lecture 4 Security Policies, Confidentiality.
Lecture 14 Page 1 CS 111 Summer 2013 Security in Operating Systems: Basics CS 111 Operating Systems Peter Reiher.
LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►
Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK
Building Preservation Environments with Data Grid Technology Reagan W. Moore Presenter: Praveen Namburi.
Database Security. Introduction to Database Security Issues (1) Threats to databases Loss of integrity Loss of availability Loss of confidentiality To.
Access Controls Mandatory Access Control by Sean Dalton December 5 th 2008.
INTRO TO COMPUTER SECURITY LECTURE 2 Security Policies M M Waseem Iqbal
Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.
June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #4-1 Chapter 4: Security Policies Overview The nature of policies –What they.
MLS/MCS on SE Linux Russell Coker. What is SE Linux? A system for Mandatory Access Control (MAC) based on the Linux Security Modules (LSM) framework Uses.
CS580 Internet Security Protocols
Database System Implementation CSE 507
Access Control Model SAM-5.
Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé
2. Access Control Matrix Introduction to Computer Security © 2004 Matt Bishop 9/21/2018.
Advanced System Security
CSC 482/582: Computer Security
Chapter 4: Security Policies
Security.
Chapter 4: Security Policies
Chinese wall model in the internet Environment
Computer Security Access Control
Operating System Concepts
Computer Security Security Policies
Chapter 4: Security Policies
Presentation transcript:

CSC 382: Computer SecuritySlide #1 CSC 382: Computer Security Security Policies

CSC 382: Computer SecuritySlide #2 Topics 1.What is a security policy? 2.Types of Access Control 1.Discretionary (DAC) 2.Mandatory (MAC) 3.Originator-based (ORBAC) 3.Types of Policies 1.Multilevel: Bell LaPadula 2.Clark Wilson 3.Chinese Wall 4.Policy Expression Languages

CSC 382: Computer SecuritySlide #3 Security Policy Security policy partitions system states into: –Authorized (secure) These are states the system is allowed to enter. –Unauthorized (nonsecure) If the system enters any of these states, it’s a security violation. Secure system –Starts in authorized state. –Never enters unauthorized state.

CSC 382: Computer SecuritySlide #4 Policy vs. Mechanism Security Policy –Statement that divides system into authorized and unauthorized states. Mechanism –Entity or procedure that enforces some part of a security policy.

CSC 382: Computer SecuritySlide #5 Dirty Politics Republican Senate staffers gained access to Democrat computer files –Both parties share computer server. –2001 misconfiguration allowed access w/o pw. –Defence: "The bottom line here is that the technology staff of the Democrats was negligent. They put these memos in a shared hard drive. It was like putting the memos on our desk.” – Manuel Miranda

CSC 382: Computer SecuritySlide #6 Types of Access Control Discretionary Access Control (DAC, IBAC) –Individual user sets access control mechanism to allow or deny access to an object. UNIX and NT ACLs. Mandatory Access Control (MAC) –System mechanism controls access to object, and individual cannot alter that access. Originator Controlled Access Control (ORCON) –Originator (creator, not current owner of file) of information controls who can access information. DRM-controlled files.

CSC 382: Computer SecuritySlide #7 MAC Example: SELinux What is SELinux? –Linux kernel modifications to provide MAC. What’s the problem with DAC? –TCB large: Security depends on kernel, all privileged aplications, and their configurations. –Coarse-grained: Applications run with all user privileges, even for root user. Security of MAC depends on: –kernel –SElinux security policy configuration

CSC 382: Computer SecuritySlide #8 SELinux Advantages and Issues Advantages –Fine-grained control by program, not by user. –Protects system from flawed or malicious code. Security policy configuration is complex. –Policy language resembles DTEL. –Fine-grained: can control program accesses to individual files, signals, etc. Difficult to find security policies that work for everyone. –Fedora Core 2’s strict policy caused many problems. –Fedora Core 3 applies policies to known server and system process, lets other programs run w/o restriction.

CSC 382: Computer SecuritySlide #9 SELinux Command Extensions > id -Z user_u:system_r:unconfined_t > ps -eZ |head LABEL PID TTY TIME CMD user_u:system_r:unconfined_t 1 ? 00:00:00 init user_u:system_r:unconfined_t 21 ? 00:00:00 kacpid user_u:system_r:syslogd_t 3826 ? 00:00:00 syslogd user_u:system_r:unconfined_t 3841 ? 00:00:00 irqbalance user_u:system_r:portmap_t 3852 ? 00:00:00 portmap user_u:system_r:ypbind_t 4024 ? 00:00:00 ypbind > ls -lZ /boot/vmlinuz _FC3smp -rw-r--r-- root root system_u:object_r:boot_t /boot/vmlinuz _FC3smp

CSC 382: Computer SecuritySlide #10 ORBAC Example: CSS Content Scrambling System (CSS) –Used to encrypt DVDs. –DVD reader needs CSS decryption key. CSS limits use of DVDs even though you control the OS (MAC) and filesystem ACLs. –Region-coding. –Unskippable commercials.

CSC 382: Computer SecuritySlide #11 Types of Security Policies Confidentiality –Military/government policies. Integrity –Commercial policies. Availability –Quality of service agreements.

CSC 382: Computer SecuritySlide #12 Confidentiality X set of entities, I information. I has confidentiality property with respect to X if no x in X can obtain information from I. I can be disclosed to others. Example: –X is the set of students. –I is the final exam answer key. –I is confidential with respect to X if students cannot obtain final exam answer key.

CSC 382: Computer SecuritySlide #13 Integrity X set of entities, I information. I has integrity property with respect to X if all x in X trust information in I. Types of integrity: –trust I, its conveyance and protection (data integrity) –I information about origin of something or an identity (origin integrity, authentication) –I resource: means resource functions as it should (assurance)

CSC 382: Computer SecuritySlide #14 Availability X set of entities, I resource. I has availability property with respect to X if all x in X can access I. Types of availability: –traditional: x gets access or not –quality of service: promise specific level of access (e.g., a specific level of bandwidth)

CSC 382: Computer SecuritySlide #15 Multilevel Security Policies Bell-LaPadula Model Classifications 1.Top Secret 2.Secret 3.Confidential 4.Unclassified Simple Security Property No read up. *-Property No write down.

CSC 382: Computer SecuritySlide #16 Multilateral Security Policies Chinese Wall Model CD: Company dataset COI: Conflict of interest class If you read one CD of a COI, you never can read any other CDs from that COI. Oil COI Class US Bank PNCCitibank Bank COI Class Shell BP Exxon ARCO

CSC 382: Computer SecuritySlide #17 Policy Languages Express security policies in a precise way. High-level languages –Policy constraints expressed abstractly. Low-level languages –Policy constraints expressed in terms of program options, input, or specific characteristics of entities on system.

CSC 382: Computer SecuritySlide #18 High-Level Policy Languages Constraints expressed independent of enforcement mechanism. Constraints restrict entities, actions. Constraints expressed unambiguously –Requires a precise language, usually a mathematical, logical, or programming-like language.

CSC 382: Computer SecuritySlide #19 Example: Web Browser Goal: restrict actions of Java programs that are downloaded and executed under control of web browser. Policy language specific to Java programs. Expresses constraints as conditions restricting invocation of entities.

CSC 382: Computer SecuritySlide #20 Expressing Constraints Entities are classes, methods –Class: set of objects that an access constraint constrains. –Method: set of ways an operation can be invoked. Operations –Instantiation: s creates instance of class c: s -| c –Invocation: s1 executes object s2: s1 |-> s2 Access constraints –deny(s op x) when b –While b is true, subject s cannot perform op on (subject or class) x; empty s means all subjects.

CSC 382: Computer SecuritySlide #21 Sample Constraints Downloaded program cannot access password database file on UNIX system Program’s class and methods for files: class File { public file(String name); public String getfilename(); public char read(); Constraint: deny( |-> file.read) when (file.getfilename() == /etc/passwd)

CSC 382: Computer SecuritySlide #22 Another Sample Constraint At most 100 network connections open. Socket class defines network interface –Network.numconns method giving number of active network connections. Constraint deny( -| Socket) when (Network.numconns >= 100)

CSC 382: Computer SecuritySlide #23 Discussion: Buying HDs on Ebay 2 MIT grad students bought 158 used HDs. –28 (17%) had fully functioning operating systems. –57 (36%) were formatted, but recoverable. –29 (18%) didn’t work at all. –In total, 117 (74%) had recoverable data. Recovered data included –Personal and corporate financial records. –Personal and credit cards. Is discarded data a security issue?

CSC 382: Computer SecuritySlide #24 Low-Level Policy Languages Set of inputs or arguments to commands. –Check or set constraints on system. Low level of abstraction. –Need details of system, commands.

CSC 382: Computer SecuritySlide #25 Example: X Window System UNIX X11 Windowing System. Access to X11 display controlled by list –List says what hosts allowed, disallowed access xhost +groucho -chico Connections from host groucho allowed. Connections from host chico not allowed.

CSC 382: Computer SecuritySlide #26 Example: tripwire File scanner that reports changes to file system and file attributes –tw.config describes what may change /usr/mab/tripwire +gimnpsu a Check everything but time of last access (“-a”) –database holds previous values of attributes

CSC 382: Computer SecuritySlide #27 Example Database Record /usr/mab/tripwire/README 0..../ gtPvf.gtPvY.gtPvY 0.ZD4cc0Wr8i21ZKaI..LUOr3.0fwo5:hf4e4.8TAqd0V4ubv ? b3 1M4GX01xbGIX0oVuGo1h15z3 ?:Y9jfa04rdzM1q:eqt1APgHk ?.Eb9yo.2zkEh1XKovX1:d0wF0kfAvC ?1M4GX01xbGIX2947jdyrior38h15z3 0 file name, version, bitmask for attributes, mode, inode number, number of links, UID, GID, size, times of creation, last modification, last access, cryptographic checksums

CSC 382: Computer SecuritySlide #28 Comments System administrators not expected to edit database to set attributes properly. Checking for changes with tripwire is easy. –Just run once to create the database, run again to check. Checking for conformance to policy is harder. –Need to either edit database file, or (better) set system up to conform to policy, then run tripwire to construct database.

CSC 382: Computer SecuritySlide #29 Example: PAM Pluggable Authentication Modules Config: /etc/pam.conf or /etc/pam.d/prog login auth required pam_unix.so login account required pam_unix.so login password required pam_unix.so login session required pam_unix.so Format: service modtype controlflag module

CSC 382: Computer SecuritySlide #30 Example: PAM (cont.) Module Types: –Auth: authenticates user –Account: non-auth access control (time, place) –Password: updates auth token –Session: user setup (including logging) Control Flags: –required: must succeed for access, all entries checked –requisite: required, but returns immediately on failure –sufficient: access granted if this condition true

CSC 382: Computer SecuritySlide #31 Key Points Policies describe what is allowed. Mechanisms control how policies are enforced. Types of Access Control –Discretionary (DAC) –Mandatory (MAC) –Originator Based (ORBAC) Trust underlies everything.

CSC 382: Computer SecuritySlide #32 References 1.Anderson, Ross, Security Engineering, Wiley, David E. Bell and Leonard J. LaPadula, Secure Computer System: Unified Exposition and MULTICS Interpretation, MTR-2997 Rev. 1, The MITRE Corporation, Bedford, MA (Mar. 1976) 3.Bishop, Matt, Introduction to Computer Security, Addison- Wesley, Department of Defense, Trusted Computer System Evaluation Criteria, DoD STD (“Orange Book”), National Computer Security Center, Ft. Meade, MD (Dec. 1985) Peter Loscocco and Stephen Smalley, “Integrating Flexible Support for Security Policies into the Linux Operating System,” Proceedings of the FREENIX Track of the 2001 USENIX Annual Technical Conference, 2001.Integrating Flexible Support for Security Policies into the Linux Operating System

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.