Computer Security Hybrid Policies


Presentation on theme: "Computer Security Hybrid Policies"— Presentation transcript:

1 Computer Security Hybrid Policies
11/26/2019

2 Chinese Wall model
The security policies address both confidentiality and integrity.
Primitives:
- A database of objects, which contain information relating to a company.
- Company Datasets (CDs), containing objects relating to a single company.
- Conflict Of Interest (COI) classes, which contain the CDs of companies in competition.

3 Example
Bank COI Class: Bank of America (a), Citibank (b), Bank of the West (c)
Gas Company COI Class: Shell (s), Standard Oil (e), Union '76 (u), ARCO (n)

4 CW-simple security condition
Let PR(s) be the set of objects that subject s can read.
CW-simple security condition, preliminary version: s can read o iff either of the following holds.
- There is an object o' such that s has accessed o' and $CD(o') = CD(o)$.
- For all $o' \in PR(s)$: $COI(o') \neq COI(o)$.

5 CW-simple security condition
Sanitized vs unsanitized objects
CW-simple security condition: s can read o iff any of the following holds.
- There is an object o' such that s has accessed o' and $CD(o') = CD(o)$.
- $o' \in PR(s) \Rightarrow COI(o') \neq COI(o)$.
- o is sanitized.

6 CW-*property
Sanitized vs unsanitized objects
CW-*property: s can write to object o iff both of the following hold.
- The CW-ss condition permits s to read o.
- For all unsanitized o': s can read $o' \Rightarrow CD(o') = CD(o)$.
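An added example, not part of the original slides: a minimal Chinese Wall reference monitor in Python that applies the CW-simple security condition and the CW-*property to the companies from slide 3. It assumes PR(s) is tracked as the objects s has already read, takes "can read" in the CW-*property to mean "has read", and marks sanitized objects by giving them no CD; the object and subject names are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# COI class of each company dataset (CD); letters follow the slide 3 example.
COI = {"a": "bank", "b": "bank", "c": "bank",
       "s": "gas", "e": "gas", "u": "gas", "n": "gas"}

@dataclass(frozen=True)
class Obj:
    name: str
    cd: Optional[str]          # None marks a sanitized object (assumption)

class ChineseWall:
    def __init__(self):
        self.pr = {}           # PR(s), kept as the objects s has already read

    def _unsanitized_history(self, s):
        return [p for p in self.pr.get(s, ()) if p.cd is not None]

    def can_read(self, s, o):
        """CW-simple security condition."""
        if o.cd is None:                       # o is sanitized
            return True
        hist = self._unsanitized_history(s)
        if any(p.cd == o.cd for p in hist):    # same CD already accessed
            return True
        # otherwise every object read so far must be in a different COI class
        return all(COI[p.cd] != COI[o.cd] for p in hist)

    def read(self, s, o):
        """Check the condition, then record the access for later decisions."""
        if not self.can_read(s, o):
            return False
        self.pr.setdefault(s, set()).add(o)
        return True

    def can_write(self, s, o):
        """CW-*property, with 'can read' taken as 'has read' (assumption)."""
        return self.can_read(s, o) and all(
            p.cd == o.cd for p in self._unsanitized_history(s))

def demo():
    # Constructed objects and subject names, for illustration only.
    boa, citi = Obj("boa-ledger", "a"), Obj("citi-ledger", "b")
    shell, public = Obj("shell-bids", "s"), Obj("press-release", None)
    cw = ChineseWall()
    return [cw.read("anthony", boa), cw.read("anthony", shell),
            cw.read("anthony", citi), cw.read("anthony", public),
            cw.can_write("anthony", boa),
            cw.read("susan", citi), cw.can_write("susan", citi)]
```

In `demo()`, anthony is refused Citibank after reading Bank of America (same COI class, different CD), and is refused write access to the Bank of America object because he has also read unsanitized Shell data.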

7 BLP & CW
BLP & CW are fundamentally different:
- Subjects in CW do not have security labels.
- BLP has no notion of "past accesses".
To emulate CW in BLP we assign a security category to each (COI, CD) pair. We define two security levels, S for sanitized and U for unsanitized, and define U dom S. So for example: (U, {b,s}) dom (U, b).

8 Role-Based Access Control
The ability or need to access information may depend on one's job functions, i.e., one's role.
- A role r is a collection of functions. The set of authorized transactions of r is denoted by trans(r).
- The active role of a subject s, actr(s), is the role that s is currently performing.
- The authorized roles of s, authr(s), are the set of roles that s is authorized to assume.
- The predicate canexec(s,t) is true iff s can execute t at the current time.

9 RBAC
Three rules define the ability of a subject to execute a transaction. Let S be the set of subjects and T the set of transactions.
- Rule of role assignment: $\forall s \in S, t \in T : canexec(s,t) \Rightarrow actr(s) \neq \emptyset$
- Rule of role authorization: $\forall s \in S : actr(s) \subseteq authr(s)$
- Rule of transaction authorization: $\forall s \in S, t \in T : canexec(s,t) \Rightarrow t \in trans(actr(s))$

