Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Security Hybrid Policies

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Security Hybrid Policies"— Presentation transcript:

1 Computer Security Hybrid Policies
4/17/2017

2 Chinese Wall model The security policies address both confidentiality and integrity. Primitives: A database of objects, which contain information relating to a company Company Datasets (CDs) containing objects relating to a single company. Conflict Of Interest (COI) classes that contain the CDs of companies in competition. 4/17/2017

3 Example Bank COI Class Gas Company COI Class Bank of America a Shell s
Standard Oil e Citibank b Bank the West c Union ‘76 u ARCO n 4/17/2017

4 CW-simple security condition
Let PR(s) be the set of objects that subject s has read. CW-simple security condition, prelim version: s can read o iff either of the following holds. There is an object o’ such that s has accessed o’ and CD(o’) = CD(o) For all o’  PR(s): COI(o’)  COI(o) 4/17/2017

5 CW-simple security condition
Sanitized vs unsanitized objects CW-simple security condition: s can read o iff either of the following holds. There is an object o’ such that s has accessed o’ and CD(o’) = CD(o) o’  PR(s)  COI(o’)  COI(o) o is sanitized 4/17/2017

6 CW-*property Sanitized vs unsanitized objects CW-*property:
s can write to object o iff both of the following hold. The CW-ss condition permits s to read o For all unsanitized o’: s can read o’  CD(o’) = CD(o). 4/17/2017

7 BLP & Chinese Wall BLP & CW are fundamentally different:
subjects in CW do not have security labels. BLP has no notion of “past accesses”. 4/17/2017

8 BLP & Chinese Wall To emulate CW in BLP we assign a security category to each (COI,CD) pair. We define two security levels: S for sanitized and U for unsanitized, and Define the domination: U dom S. So for example: (U,{b,s}) dom (U, b). 4/17/2017

9 Role-Based Access Control
The ability or need to access information may depend on one’s job functions, i.e., the role one has. A role r is a collection of functions. The set of authorized transactions of r is denoted by trans(r). The active role of a subject s, actr(s), is the role that s is currently performing. The authorized roles of s, authr(s), is the set of roles that s is authorized to assume. The predicate canexe(s,t), is true iff s can execute t at the current time. 4/17/2017

10 RBAC Three rules define the ability of a subject to execute a
transaction. Let S be the set of subjects and T the set of transactions. Rule of role assignment:  s  S, t  T : canexec(s,t)  actr(s)   (if s can execute a transaction t then it has an active role) Rule of role authorization:  s  S : actr(s)  authr(s) (if s is active then its role is authorized) Rule of transaction authorization:  s  S, t  T : canexec(s,t)  t  trans(actr(s)) (if s can execute t then t is an authorized transaction of s) 4/17/2017

Download ppt "Computer Security Hybrid Policies"

Similar presentations

George Mason University

George Mason University
Information Flow and Covert Channels November, 2006.

Information Flow and Covert Channels November, 2006.
Multilevel Security (MLS) Database Security and Auditing.

Multilevel Security (MLS) Database Security and Auditing.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 13: Trusted Computing and Multilevel.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 13: Trusted Computing and Multilevel.
1 cs691 chow Hybrid Policies CS691 – Chapter 7 of Matt Bishop.

1 cs691 chow Hybrid Policies CS691 – Chapter 7 of Matt Bishop.
1 ISA 662 Information System Security Hybrid Policies Chapter 6 from Bishop ’ s book.

1 ISA 662 Information System Security Hybrid Policies Chapter 6 from Bishop ’ s book.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #7-1 Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #7-1 Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
CS591 – Chapter 5.2/5.4 of Security in Computing

CS591 – Chapter 5.2/5.4 of Security in Computing
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Information Security Principles & Applications Topic 6: Security Policy Models 虞慧群

Information Security Principles & Applications Topic 6: Security Policy Models 虞慧群
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.

Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.

Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.

Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #7-1 Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #7-1 Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information.
May 4, 2004ECS 235Slide #1 Biba Integrity Model Basis for all 3 models: Set of subjects S, objects O, integrity levels I, relation ≤  I  I holding when.

May 4, 2004ECS 235Slide #1 Biba Integrity Model Basis for all 3 models: Set of subjects S, objects O, integrity levels I, relation ≤  I  I holding when.
Chinese wall model in the internet Environment

Chinese wall model in the internet Environment
Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 October 7, 2004 Introduction to Computer Security Lecture.

Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 October 7, 2004 Introduction to Computer Security Lecture.
1 Hybrid Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 23, 2004.

1 Hybrid Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 23, 2004.
CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.

CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.

Similar presentations

Ads by Google