Presentation is loading. Please wait.

Presentation is loading. Please wait.

7/16/2015 3:58 AM Lecture 4: Bell LaPadula James Hook CS 591: Introduction to Computer Security.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "7/16/2015 3:58 AM Lecture 4: Bell LaPadula James Hook CS 591: Introduction to Computer Security."— Presentation transcript:

1 7/16/2015 3:58 AM Lecture 4: Bell LaPadula James Hook CS 591: Introduction to Computer Security

2 7/16/2015 3:58 AM Objectives Introduce the Bell LaPadula framework for confidentiality policy Discuss realizations of Bell LaPadula

3 7/16/2015 3:58 AM Follow Bishop Presentation follows Bishop’s slides for Chapter 5Bishop’s

4 7/16/2015 3:58 AM Discussion When would you choose to apply a model this restrictive?

5 7/16/2015 3:58 AM Further Reading Ross Anderson’s Security Engineering, Chapter 7: Multilevel security –Standard Criticisms –Alternative formulations –Several more examples “Looking Back at the Bell - La Padula Model”, David Elliott Bell, Proceedings 21st Annual Computer Security Applications Conference, December, 2005 –http://www.acsac.org/2005/papers/Bell.pdf

6 7/16/2015 3:58 AM Criticisms of Bell LaPadula BLP is straightforward, supports formal analysis Is it enough? McLean wrote a critical paper asserting BLP rules were insufficient

7 7/16/2015 3:58 AM McLean’s System Z Proposed System Z = BLP + (request for downgrade) User L gets file H by first requesting that H be downgraded to L and then doing a legal BLP read Proposed fix: tranquility –Strong: Labels never change during operation –Weak: Labels never change in a manner that would violate a defined policy

8 7/16/2015 3:58 AM Historical The BLP retrospective published in December is fascinating! What we know as BLP and “simple security” was the “trivial case” when labels didn’t change. Bell and La Padula expected to do a more dynamic policy

9 7/16/2015 3:58 AM Alternatives Goguen & Meseguer, 1982: Noninterference –Model computation as event systems –Interleaved or concurrent computation can produce interleaved traces –High actions have no effect on low actions The trace of a “low trace” of a system is the same for all “high processes” that are added to the mix –Problem: Needs deterministic traces; does not scale to distributed systems

10 7/16/2015 3:58 AM Nondeducibility Sutherland, 1986. –Low can not deduce anything about high with 100% certainty –Historically important, hopelessly weak –Addressed issue of nondeterminism in distributed systems

11 7/16/2015 3:58 AM Intranstitive non-interference Rushby, 1992 –Updates Goguen & Meseguer to deal with the reality that some communication may be authorized (e.g. High can interefere with low if it is mediated by crypto)

12 7/16/2015 3:58 AM Looking forward Chapter 6: Integrity Policies

Download ppt "7/16/2015 3:58 AM Lecture 4: Bell LaPadula James Hook CS 591: Introduction to Computer Security."

Similar presentations

Information Flow and Covert Channels November, 2006.

Information Flow and Covert Channels November, 2006.
ISA 562 Information System Security

ISA 562 Information System Security
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Lecture 2 – Multilevel Security Security Computer Science Tripos part 2 Ross Anderson.

Lecture 2 – Multilevel Security Security Computer Science Tripos part 2 Ross Anderson.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Part 1: Introducing User Interface Design Chapter 1: Introduction –Why the User Interface Matters –Computers are Ubiquitous –The Importance of Good User.

Part 1: Introducing User Interface Design Chapter 1: Introduction –Why the User Interface Matters –Computers are Ubiquitous –The Importance of Good User.
Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.

Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.
Chinese wall model in the internet Environment

Chinese wall model in the internet Environment
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.

Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
6/20/2015 7:37 PM Lecture 5: Integrity Models James Hook CS 591: Introduction to Computer Security.

6/20/2015 7:37 PM Lecture 5: Integrity Models James Hook CS 591: Introduction to Computer Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Robust Declassification Steve Zdancewic Andrew Myers Cornell University.

Robust Declassification Steve Zdancewic Andrew Myers Cornell University.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality.
1 Ivan Lanese Computer Science Department University of Bologna Italy Concurrent and located synchronizations in π-calculus.

1 Ivan Lanese Computer Science Department University of Bologna Italy Concurrent and located synchronizations in π-calculus.
CS 711 Fall 2002 Programming Languages Seminar Andrew Myers 2. Noninterference 4 Sept 2002.

CS 711 Fall 2002 Programming Languages Seminar Andrew Myers 2. Noninterference 4 Sept 2002.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
MT Computer Security - Models & Policies

MT Computer Security - Models & Policies
User Domain Policies.

User Domain Policies.
7/15/2015 5:04 PM Lecture 4: Bell LaPadula James Hook CS 591: Introduction to Computer Security.

7/15/2015 5:04 PM Lecture 4: Bell LaPadula James Hook CS 591: Introduction to Computer Security.

Similar presentations

Ads by Google