Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Clark Wilson Implementation Shilpa Venkataramana.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Clark Wilson Implementation Shilpa Venkataramana."— Presentation transcript:

1 1 Clark Wilson Implementation Shilpa Venkataramana

2 2 Overview Introduction Types of Clark Wilson Implementation – The Lee and Shockley Implementation – The Karger Implementation – The Jueneman Implementation – The Gong Implementation References

3 3 Introduction – Clark Wilson Implementation Provides a foundation of specifying and analyzing an integrity policy for a computing system An integrity policy describes how the data items in the system should be kept valid from one state of the system to the next and specifies the capabilities of various principals in the system. Integrity defined by a set of constraints – Eg - bank D is today deposits, W is withdrawal, YB is yesterday’s balance, TB is today’s balance Integrity constraints – TB = D+YB-W

4 4 The Lee and Shockley Implementation In 1988, Lee and Shockley independently developed implementations of the Clark-Wilson integrity model using Biba’s integrity categories and trusted subjects. Both of these implementations were based on sensitivity levels constructed from independent elements.

5 5 The Lee and Shockley Implementation Each level represents a sensitivity to disclosure and a sensitivity to modification. Data is manipulated by certified transactions, which are trusted subjects. The trusted subject can transform data from a specific input type to a specific output type.

6 6 The Lee and Shockley Implementation The Biba lattice philosophy is implemented so that a subject may not read above its level in disclosure or below its level in integrity. Every subject and object has both disclosure and integrity levels for use in this implementation. The Lee and Shockley implementations prevent unauthorized users from modifying data.

7 7 Karger Implementation In 1988, Karger proposed another implementation of the Clark-Wilson integrity model, augmenting it with his secure capabilities architecture (developed in 1984) and a generic lattice security model. The capabilities architecture combined with access control lists that represent the security lattice provide for improved flexibility in implementing integrity.

8 8 Karger Implementation The Karger implementation requires that the access control lists that contains the specifics of the Clark- Wilson triples- – the names of the subjects and objects the user is requesting access to and – the names of the programs that provide the access, to enable implementation of static separation of duties Static separation of duties prevents unauthorized users from modifying data and prevents authorized users from making improper modifications

9 9 Karger Implementation It uses capabilities with access control lists that limits actions to particular domains. The complex access control lists not only contain the triples but specify the order in which the transactions must be executed. These lists are used with audit-based capabilities to enforce dynamic separation of duties.

10 10 Karger Implementation Karger Implementation provides three levels of integrity – First – Triples in access control lists to allow for basic integrity – Second –capabilites architecture can be used with access control lists – Third - Support both dynamic separation duties and well formed transactions

11 11 Jueneman Implementation In 1989, Jueneman proposed a defensive detection implementation for use on dynamic networks of interconnected trusted computers communicating through unsecured media. This implementation was based on mandatory and discretionary access controls, encryption, checksums, and digital signatures.

12 12 Jueneman Implementation It prevents unauthorized users from modifying data The control mechanisms in this implementation support the philosophy that the originator of an object is responsible for its confidentiality and that the recipient is responsible for its integrity in a network environment. The mandatory access controls prevent unauthorized modification within the trusted computers and detect modifications external to the trusted computers.

13 13 Jueneman Implementation The control mechanisms in this implementation support the philosophy that the originator of an object is responsible for its confidentiality and that the recipient is responsible for its integrity The mandatory access controls prevent unauthorized modification within the trusted computers and detect modifications external to the trusted computers.

14 14 Jueneman Implementation The discretionary access controls prevent the modification, destruction, or renaming of an object by a user who qualifies under mandatory control but lacks the owner’s permission to access the object. The encryption mechanism is used to avoid unauthorized disclosure of the object. Checksums verify that the communication received is the communication that was sent, and digital signatures are evidence of the source of the communication

15 15 Gong Implementation The Gong implementation, developed in 1989, is an identity-based and capability-oriented security system for distributed systems in a network environment. Capabilities identify each object and specify the access rights (i.e., read, write and update) to be allowed each subject that is authorized access. Access authorizations are provided in an access list.

16 16 Gong Implementation The Gong implementation consists of subjects (i.e., users), objects, object servers, and a centralized access control server. The access control server contains the access control lists, and the object server contains the capability controls for each object.

17 17 Gong Implementation This implementation is very flexible because it is independent of the protection policy (i.e., the Bell-LaPadula disclosure lattice, the Biba integrity lattice, the Clark-Wilson access triples, or the Lee-Shockley nonhierarchical categories). The Gong implementation can be used to prevent unauthorized users from modifying data and to prevent authorized users from making unauthorized modifications.

18 18 Reference http://www.cccure.org/Documents/HISM/028- 029.html http://en.wikipedia.org/wiki/Clark-Wilson_model http://en.wikipedia.org/wiki/Biba_Model http://wapedia.mobi/en/The_Clark- Wilson_Integrity_Model http://wapedia.mobi/en/The_Clark- Wilson_Integrity_Model

Download ppt "1 Clark Wilson Implementation Shilpa Venkataramana."

Similar presentations

Network Security Chapter 1 - Introduction.

Network Security Chapter 1 - Introduction.
TOPIC CLARK-WILSON MODEL Ravi Sandhu.

TOPIC CLARK-WILSON MODEL Ravi Sandhu.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Access Control Methodologies

Access Control Methodologies
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Chapter 2.  CIA Model  Host Security VS Network Security  Least Privileges  Layered Security  Access Controls Prepared by Mohammed Saher2.

Chapter 2.  CIA Model  Host Security VS Network Security  Least Privileges  Layered Security  Access Controls Prepared by Mohammed Saher2.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Chapter 1 – Introduction

Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Verifiable Security Goals

Verifiable Security Goals
1 Integrity Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 22, 2004.

1 Integrity Policies CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 22, 2004.
Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.

CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.
User Domain Policies.

User Domain Policies.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.

Similar presentations

Ads by Google