Design and Implementation MAC in Security Operating System. CAI Yi, ZHENG Zhi-rong, SHEN Chang-xiang. Presented by Venkateshwarlu Jangili.


2 Outline: Introduction; Mandatory Security Model; What is BLP; Defining Security Policy; Security Levels; Security Policies; Defining Security Level; Multi-Level Directories; Conclusion

3 Introduction: MAC – Mandatory Access Control. Users and resources in the system are defined abstractly by MAC as subjects and objects, respectively. The security of a system depends directly on operating system services and mechanisms. How is the system made secure?

4 Contd… MAC mechanisms are added to the OS. Users and information in a system are assigned sensitivity labels that are a combination of hierarchical and non-hierarchical categories. Labels are the basis for MAC decisions. Subjects and Objects.

5 Mandatory Security Model: A security model is used to describe the security characteristics of the system and its users. Through it, the security architecture can easily be analyzed abstractly. Objects are viewed as containing the information; subjects are the agents that act upon those objects.

6 What does MAC do? MAC is the problem of appropriately governing subjects' access to objects according to their security levels. The access of subjects to objects should be mediated in accordance with those levels. Subjects: human users or processors. Objects: containers of the sensitive information.

7 BLP (Bell and LaPadula Model): the model for the Mandatory Security Model. Goal: describe exactly a system with a multilevel security policy and the operations in that system. There are four access modes between subjects and objects: 1. Read-Only 2. Append 3. Execute 4. Read-Write

8 Components: System State: each state is defined by V = (B*M*F*H). B is the P(S*O*A). M is the access control matrix, which records the access that subject Si has to object Oj. F – functions of the security level: f_s(s) – maximal security level, f_c(s) – current security level, f_o(o) – security level of the object.

9 State Transition: It is defined by a set of operation rules, Decision (output), Request (r) Next State p: RxV DxV RxV – request state pairs, DxV – Decision State pairs D = {yes, no, error, ?} State. : A system (R, D, W, z) is a subset of (X, Y, Z ), and (x, y, z ) (R, D, W, z) iff (xt, yt, zt, zt- 1) eW, z) is a beginning state.

10 Axiom of Model:

11 Defining Security Policy: When a process accesses an object, the subject level is compared with the object level so that MAC can determine whether the process may access it. Security levels consist of: a. a hierarchical classification and b. non-hierarchical categories.

12 Hierarchical classification: composes a partially ordered set of security levels, which can be coded in binary. Example: {top secret > secret > confidential > unclassified}. Non-hierarchical classification: an unordered set. Example: Security UnixWare, which supports 256 classifications and 1024 categories.

13 Security Levels: For security levels S1 and S2: S1 dominates S2 iff (a) S2 S1 (b) Classifications (S1 ≥ S2). S1 is equal to S2 iff (a) Classifications (S1 = S2) (b) Categories (S1 = S2). For all other conditions, S1 is independent of S2.

14 Security Policies: Mandatory Security Policy 1: If and only if the subject level dominates or equals the object level, a subject can have Read or Execute access to an object; in a similar way it can have Write or Append access to the object. This policy accords with the BLP model discussed earlier. Mandatory Security Policy 2: If and only if the subject level dominates or equals the object level, a subject can have Read or Execute access to an object; if the subject level equals the object level, the subject can have Write access. If the subject level dominates the object level, the subject can have Append access.

15 This policy leaves potential damage during covert channel analysis. For example, a high-level user can enable or disable write access to a high-level object, but a low-level process can still learn whether this file can be written through a number of trial "Append" operations. So this policy is not very rational. Mandatory Security Policy 3: If and only if the subject level dominates or equals the object level, a subject can have Read or Execute access to an object; if and only if the subject level equals the object level, a subject can have Write or Append access to an object.
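The level comparison from slide 13 and the access decision of Mandatory Security Policy 3, as an added example that is not code from the paper or the slides. It assumes condition (a) of "dominates" is the usual category-set containment (the categories of S2 are contained in those of S1); the label layout, type names and category names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed label layout: one hierarchical classification plus a
 * category bitmask. Field sizes and category names are assumptions. */
enum { UNCLASSIFIED, CONFIDENTIAL, SECRET, TOP_SECRET };
enum { CAT_PAYROLL = 1u << 0, CAT_CRYPTO = 1u << 1 };
typedef struct { uint8_t cls; uint32_t cats; } level_t;
typedef enum { REL_EQUAL, REL_DOMINATES, REL_DOMINATED, REL_INDEPENDENT } rel_t;
typedef enum { ACC_READ, ACC_EXECUTE, ACC_WRITE, ACC_APPEND } access_t;

/* True when every category bit set in `sub` is also set in `sup`. */
static bool cats_subset(uint32_t sub, uint32_t sup) { return (sub & ~sup) == 0; }

/* Relation of level a to level b: equal, dominates, dominated, or independent. */
rel_t level_compare(level_t a, level_t b)
{
    bool a_ge_b = a.cls >= b.cls && cats_subset(b.cats, a.cats);
    bool b_ge_a = b.cls >= a.cls && cats_subset(a.cats, b.cats);
    if (a_ge_b && b_ge_a) return REL_EQUAL;
    if (a_ge_b) return REL_DOMINATES;
    if (b_ge_a) return REL_DOMINATED;
    return REL_INDEPENDENT;   /* neither level dominates the other */
}

/* Policy 3: Read/Execute need subject >= object; Write/Append need equality. */
bool policy3_allows(level_t subj, level_t obj, access_t mode)
{
    rel_t r = level_compare(subj, obj);
    switch (mode) {
    case ACC_READ: case ACC_EXECUTE:
        return r == REL_EQUAL || r == REL_DOMINATES;
    case ACC_WRITE: case ACC_APPEND:
        return r == REL_EQUAL;
    }
    return false;             /* unknown access mode: deny */
}

int main(void)
{
    level_t hi = { SECRET, CAT_PAYROLL | CAT_CRYPTO }, lo = { CONFIDENTIAL, CAT_PAYROLL };
    printf("hi reads lo:   %d\n", policy3_allows(hi, lo, ACC_READ));
    printf("lo appends hi: %d\n", policy3_allows(lo, hi, ACC_APPEND));
    return 0;
}
```

Because Append is only granted on equal levels, a low-level process gets the same denial for every higher-level object, which is the property that closes the trial-"Append" channel described for Policy 2.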

16 Defining Security Level: A user's security level limits the user's ability to read and change information. These limits are enforced by the TCB. A level alias is assigned to every level and is given by the LID, the number that the system uses to identify a level. Four classifications, four categories and eight levels are predefined. This is mainly used to separate users from administrators.

17 Multi-Level Directories

18 If a process's multilevel directory mode is virtual, then an access to a multilevel directory by that process is modified by the kernel. The kernel changes the requested access to an access to an effective directory within the multilevel directory. If the process's multilevel directory mode is real, an access to a multilevel directory by that process is not modified by the system. The process in real mode can see all effective directories in the multilevel directory, subject to MAC restrictions.

19 Conclusion: MAC is one of the key mechanisms in a security operating system and is absolutely necessary to enhance system security; without MAC, the system would not reach a high security grade. By designing and implementing the above security policy and functions and adding a MAC module to UnixWare, system security is greatly increased. We tested the performance of some representative system calls separately in UnixWare with the MAC module and in UnixWare without it, and it can be concluded that system efficiency is not decreased very much.
