Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Security Hybrid Policies

Published bySvein Fredriksen Modified over 5 years ago

Similar presentations

Presentation on theme: "Computer Security Hybrid Policies"— Presentation transcript:

1 Computer Security Hybrid Policies
11/26/2019

2 Chinese Wall model The security policies address both confidentiality and integrity. Primitives: A database of objects, which contain information relating to a company Company Datasets (CDs) containing objects relating to a single company. Conflict Of Interest (COI) classes that contain the CDs of companies in competition. 11/26/2019

3 Example Bank COI Class Gas Company COI Class Bank of America a Shell s
Standard Oil e Citibank b Bank the West c Union ‘76 u ARCO n 11/26/2019

4 CW-simple security condition
Let PR(s) be the set of objects that subject s can read. CW-simple security condition, prelim version: s can read o iff either of the following holds. There is an object o’ such that s has accessed o’ and CD(o’) = CD(o) For all o’  PR(s): COI(o’)  COI(o) 11/26/2019

5 CW-simple security condition
Sanitized vs unsanitized objects CW-simple security condition: s can read o iff either of the following holds. There is an object o’ such that s has accessed o’ and CD(o’) = CD(o) o’  PR(s)  COI(o’)  COI(o) o is sanitized 11/26/2019

6 CW-*property Sanitized vs unsanitized objects CW-*property:
s can write to object o iff both of the following hold. The CW-ss condition permits s to red o For all unsanitized o’: s can read o’  CD(o’) = CD(o). 11/26/2019

7 BLP & CW BLP & CW are fundamentally different:
subjects in CW do not have security labels. BLP has no notion of “past accesses”. To emulate CW in BLP we assign a security category to each (COI,CD) pair. We define two security levels: S for sanitized and U for unsantitized, and define U dom S. So for example: (U,{b,s}) dom (U, b). 11/26/2019

8 Role-Based Access Control
The ability or need to access information may depend on one’s job functions, i.e., one’s role. A role r is a collection of functions. The set of authorized transactions of r is denoted by trans(r). The active role of a subject s, act(s), is the role that s is currently performing. The authorized roles of s, authr(s), is the set of roles that s is authorized to assume. The predicate canexe(s,t), is true iff s can execute t at the current time. 11/26/2019

9 RBAC Three rules define the ability of a subject to execute a
transaction. Let S be the set of subjects and T the set of transactions. Rule of role assignment:  s  S, t  T : canexec(s,t)  actr(s)   Rule of role authorization:  s  S : actr(s)  authr(s) Rule of transaction authorization:  s  S, t  T : canexec(s,t)  t  trans(actr(s)) 11/26/2019

Download ppt "Computer Security Hybrid Policies"

Similar presentations

George Mason University

George Mason University
Information Flow and Covert Channels November, 2006.

Information Flow and Covert Channels November, 2006.
Multilevel Security (MLS) Database Security and Auditing.

Multilevel Security (MLS) Database Security and Auditing.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 13: Trusted Computing and Multilevel.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 13: Trusted Computing and Multilevel.
1 cs691 chow Hybrid Policies CS691 – Chapter 7 of Matt Bishop.

1 cs691 chow Hybrid Policies CS691 – Chapter 7 of Matt Bishop.
1 ISA 662 Information System Security Hybrid Policies Chapter 6 from Bishop ’ s book.

1 ISA 662 Information System Security Hybrid Policies Chapter 6 from Bishop ’ s book.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #7-1 Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #7-1 Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula Model –General idea –Informal description of rules.

Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula Model –General idea –Informal description of rules.
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Information Security Principles & Applications Topic 6: Security Policy Models 虞慧群

Information Security Principles & Applications Topic 6: Security Policy Models 虞慧群
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.

Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.

Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
Confidentiality Policies  Overview  What is a confidentiality model  Bell-LaPadula Model  General idea  Informal description of rules  Formal description.

Confidentiality Policies  Overview  What is a confidentiality model  Bell-LaPadula Model  General idea  Informal description of rules  Formal description.
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.

Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #7-1 Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #7-1 Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information.
May 4, 2004ECS 235Slide #1 Biba Integrity Model Basis for all 3 models: Set of subjects S, objects O, integrity levels I, relation ≤  I  I holding when.

May 4, 2004ECS 235Slide #1 Biba Integrity Model Basis for all 3 models: Set of subjects S, objects O, integrity levels I, relation ≤  I  I holding when.
Chinese wall model in the internet Environment

Chinese wall model in the internet Environment
1 Hybrid Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 23, 2004.

1 Hybrid Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 23, 2004.
Computer Security Hybrid Policies

Computer Security Hybrid Policies

Similar presentations

Ads by Google