Download presentation
Presentation is loading. Please wait.
1
Computer Security Hybrid Policies
11/26/2019
2
Chinese Wall model The security policies address both confidentiality and integrity. Primitives: A database of objects, which contain information relating to a company Company Datasets (CDs) containing objects relating to a single company. Conflict Of Interest (COI) classes that contain the CDs of companies in competition. 11/26/2019
3
Example Bank COI Class Gas Company COI Class Bank of America a Shell s
Standard Oil e Citibank b Bank the West c Union ‘76 u ARCO n 11/26/2019
4
CW-simple security condition
Let PR(s) be the set of objects that subject s can read. CW-simple security condition, prelim version: s can read o iff either of the following holds. There is an object o’ such that s has accessed o’ and CD(o’) = CD(o) For all o’ PR(s): COI(o’) COI(o) 11/26/2019
5
CW-simple security condition
Sanitized vs unsanitized objects CW-simple security condition: s can read o iff either of the following holds. There is an object o’ such that s has accessed o’ and CD(o’) = CD(o) o’ PR(s) COI(o’) COI(o) o is sanitized 11/26/2019
6
CW-*property Sanitized vs unsanitized objects CW-*property:
s can write to object o iff both of the following hold. The CW-ss condition permits s to red o For all unsanitized o’: s can read o’ CD(o’) = CD(o). 11/26/2019
7
BLP & CW BLP & CW are fundamentally different:
subjects in CW do not have security labels. BLP has no notion of “past accesses”. To emulate CW in BLP we assign a security category to each (COI,CD) pair. We define two security levels: S for sanitized and U for unsantitized, and define U dom S. So for example: (U,{b,s}) dom (U, b). 11/26/2019
8
Role-Based Access Control
The ability or need to access information may depend on one’s job functions, i.e., one’s role. A role r is a collection of functions. The set of authorized transactions of r is denoted by trans(r). The active role of a subject s, act(s), is the role that s is currently performing. The authorized roles of s, authr(s), is the set of roles that s is authorized to assume. The predicate canexe(s,t), is true iff s can execute t at the current time. 11/26/2019
9
RBAC Three rules define the ability of a subject to execute a
transaction. Let S be the set of subjects and T the set of transactions. Rule of role assignment: s S, t T : canexec(s,t) actr(s) Rule of role authorization: s S : actr(s) authr(s) Rule of transaction authorization: s S, t T : canexec(s,t) t trans(actr(s)) 11/26/2019
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.