Protection and Security: An overview of basic principles
CS5204 – Operating Systems


1 Protection and Security: An overview of basic principles

2 Protection/Security overview CS 5204 – Operating Systems
Protection and Security Issues:
- authentication: verifying a claim of identity
- authorization: verifying a claim of permission
- audit: verifying the (non)occurrence of previous actions
Reference Monitor Model: Authentication, Authorization, Audit (Au = gold), aka AAA
From: “Computer Security in the Real World”, Lampson, 2004.

3 Security Goals and Principles
Goals:
- integrity - modification only by authorized parties
- confidentiality - access only by authorized parties
- non-repudiation - inability to disclaim authorship
- authenticity - verifiability of source
- availability - continuous access by authorized parties
Principles:
- least privilege - minimization of rights
- separation of duties (by task, by person)
- economy of mechanism - simplest means of enforcement
- acceptability - adoptable/usable by user community
- complete mediation - universal enforcement of control
- open design - secrecy of enforcement mechanisms is not important

4 Elements of a Secure System
Specification/Policy:
- secrecy
- integrity
- availability
- accountability
Implementation/Mechanism:
- isolation (impractical)
- exclusion (code signing, firewalls)
- restriction (sandboxing)
- recovery
- punishment
Correctness/Assurance:
- trusted computing base
- defense in depth
- usability
- theory
From: “Computer Security in the Real World”, Lampson, 2004.

5 Access Matrix Model
[Figure: access matrix indexed by subjects s and objects o; entry P[s,o]]

6 Access Matrix
[Figure: access matrix; axes: subjects, objects]

7 Manipulating the Access Matrix

8 Capability Lists
Grouped by subject.
[Figure: rights r1 to r5 between subjects s1, s2, s3 and objects O1, O2, O3, regrouped into per-subject lists of (right, object) pairs: (r1, O1), (r5, O1), (r4, O3), (r3, O2), (r2, O3)]

9 Access Control Lists
Grouped by object.
[Figure: rights r1 to r5 between subjects s1, s2, s3 and objects O1, O2, O3, regrouped into per-object lists of (subject, right) pairs: (s2, r4), (s1, r2), (s2, r3), (s3, r5), (s1, r1)]
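An added example, not part of the original slides: the access matrix P[s,o] of slide 5 stored once and projected into the capability lists of slide 8 and the access control lists of slide 9, with a default-deny check against each view. The matrix entries are an assumption (the pairs on slides 8 and 9 joined on their right labels r1 to r5), and all function names are hypothetical.

```python
from collections import defaultdict

SUBJECTS = ["s1", "s2", "s3"]
OBJECTS = ["O1", "O2", "O3"]
RIGHTS = ["r1", "r2", "r3", "r4", "r5"]

# Constructed matrix (assumption): each right r_i labels one subject-object
# edge, recovered by joining slide 8's (right, object) pairs with slide 9's
# (subject, right) pairs. Missing entries mean "no rights" (default deny).
P = {
    ("s1", "O1"): {"r1"},
    ("s1", "O3"): {"r2"},
    ("s2", "O2"): {"r3"},
    ("s2", "O3"): {"r4"},
    ("s3", "O1"): {"r5"},
}

def capability_lists(matrix):
    """Group the matrix by subject: subject -> {(right, object), ...}."""
    caps = defaultdict(set)
    for (s, o), rights in matrix.items():
        caps[s].update((r, o) for r in rights)
    return dict(caps)

def access_control_lists(matrix):
    """Group the matrix by object: object -> {(subject, right), ...}."""
    acls = defaultdict(set)
    for (s, o), rights in matrix.items():
        acls[o].update((s, r) for r in rights)
    return dict(acls)

def check_matrix(matrix, s, o, r):
    return r in matrix.get((s, o), set())

def check_caps(caps, s, o, r):
    # The subject presents its list; the monitor looks for (right, object).
    return (r, o) in caps.get(s, set())

def check_acl(acls, s, o, r):
    # The object's list is searched for (subject, right).
    return (s, r) in acls.get(o, set())

def views_agree(matrix, subjects, objects, rights):
    """Every request, granted or denied, gets the same answer in all views."""
    caps, acls = capability_lists(matrix), access_control_lists(matrix)
    return all(
        check_matrix(matrix, s, o, r) == check_caps(caps, s, o, r)
        == check_acl(acls, s, o, r)
        for s in subjects for o in objects for r in rights
    )

if __name__ == "__main__":
    print(capability_lists(P)["s1"], access_control_lists(P)["O1"])
    print("views agree:", views_agree(P, SUBJECTS, OBJECTS, RIGHTS))
```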

10 Role-Based Access Control (RBAC)
Grouped by multiple subjects.
[Figure: subjects s1 to s5 assigned to Role 1 and Role 2 (role assignment); the roles hold (right, object) privileges on objects O1, O2, O3 (privilege assignment); pairs shown: (r4, O3), (r1, O1), (r2, O2), (r3, O2)]

11 Role-Based Access Control (RBAC)
- Roles model particular jobs or duties in an organization
- Single user may play multiple roles at the same or different times
- Multiple users may play the same role at the same or different times
- The user-role assignment may be made separately from the role-permission assignment

12 Classes, Levels, Domains
Grouped by multiple objects.
[Figure: objects O1 to O5 grouped into classes, levels or domains (O1 & O2, O4, O3 & O5), with (subject, right) pairs per group: (s3, r2), (s1, r1), (s3, r3), (s2, r1), (s2, r3), (s1, r1)]

13 Bell-LaPadula Model
[Figure: objects by classification (level 1, level i, level n); a subject with clearance i; access arrows labeled w, r,w and r; *-property]

14 Lock and Key Method
Subjects possess a set of keys; objects are associated with a set of locks.
- Key: (O, k)
- Lock: (k, {r1, r2, ...})

15 Comparison of methods
[Table: Locks & Keys, Access Control List and Capability list compared on revocation, propagation, reclamation and review; cells carry the note numbers 1, 1, 2, 4, 4, 3]
Notes:
1. need copy bit/count for control
2. need reference count
3. need user/hierarchical control
4. need to know subject-key mapping

16 Task-based Access Control (TBAC)
R.K. Thomas and R.S. Sandhu, “Task-based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management.”

17 Team-based Access Control
W. Tolone, G. Ahn, T. Pai, “Access Control in Collaborative Systems.”

