Presentation is loading. Please wait.

Presentation is loading. Please wait.

Title ON FOUR DEFINITIONS OF DATA INTEGRITY Ravi Sandhu George Mason University FIVE.

Published byIsaac Erickson Modified over 10 years ago

Similar presentations

Presentation on theme: "Title ON FOUR DEFINITIONS OF DATA INTEGRITY Ravi Sandhu George Mason University FIVE."— Presentation transcript:

1 Title ON FOUR DEFINITIONS OF DATA INTEGRITY Ravi Sandhu George Mason University FIVE

2 2 OBJECTIVE Reconcile 5 definitions of data integrity Scope is limited to data integrity as opposed to system integrity None of the definitions is wrong or right

3 3 THE FIVE DEFINITIONS 1.CourtneyExpectation of data quality 2.Sandhu-JajodiaSafeguards against improper data modification 3.ITSEC, CTCPECSafeguards against unauthorized data modification 4.Biba (or BLP)Ensure one directional information flow in a lattice 5.Network arenaSafeguards against message modification more general less general

4 4 THE FIVE DEFINITIONS 1.Expectation of data quality 2.Improper data modification 3.Unauthorized data modification 4.One directional information flow 5.No modification Liveness and Safety Safety Only OBJECTIVES

5 5 THE FIVE DEFINITIONS 1.Expectation of data quality 2.Improper data modification 3.Unauthorized data modification 4.One directional information flow 5.No modification External actions of users + Internal actions of the TCB ENFORCEMENT IS PRIMARILY BY Internal actions of the TCB

6 6 THE FIVE DEFINITIONS 1.Expectation of data quality 2.Improper data modification 3.Unauthorized data modification 4.One directional information flow 5.No modification Must be articulated by the System Owners POLICY Is built in

7 7 THE FIVE DEFINITIONS 1.Expectation of data quality 2.Improper data modification 3.Unauthorized data modification 4.One directional information flow 5.No modification Prevention + Detection ENFORCEMENT MECHANISMS Detection

8 8 THE DATA QUALITY DEFINITION Integrity -- The property that data, an information process, computer equipment, and/or software, people, etc., or any collection of these entities, meet an a priori expectation of quality that is satisfactory and adequate in some specific circumstance. Bob Courtney NIST Invitational Workshop on Data Integrity, 1989

9 9 THERMOSTAT MODEL

10 10 BINARY OR GRADED? Binary view: Data has integrity if its actual state differs from the ideal state by less than the tolerable limits of deviation Graded view: Data has integrity in inverse relationship to the extent that its actual state differs from the ideal state IN OTHER WORDS THIS IS A NON-ISSUE

11 11 CLARK-WILSON MODEL TPs CDIs USERS UDIs IVPs Internal and external consistency of CDIs

12 12 CLARK-WILSON RULES C1IVPs validate CDI state C2TPs preserve valid state C3Suitable (static) separation of duties C4TPs write to log C5TPs validate UDIs E1CDIs changed only by authorized TP E2Users authorized to TP and CDI E3Users are authenticated E4Authorizations changed only by security officer

13 13 CLARK-WILSON MODEL Concerned with improper modification of data Does not address liveness, except to require that integrity verification procedures verify correspondence of data to external reality It is one approach to –meeting the improper data modification aspects of data integrity –with a small liveness attachment

14 14 TYPE ENFORCEMENT (Boebert and Kain) Type enforcement can be used to implement a number of mechanisms related to improper modification of data –well-formed transformation procedures –data encapsulation –separation of duties –assured pipelines Type enforcement does not directly support liveness requirements

15 15 OTHER ACCESS CONTROL MODELS HRU, TAM, SPM –can be used to implement a number of mechanisms related to improper modification of data –do not directly support liveness requirements

16 16 DRAFT FEDERAL CRITERIA Integrity - Correctness and appropriateness of the content and/or source of a piece of information. The Courtney and Federal Criteria definitions are close enough that they can be reconciled fairly easily Courtney's definition is more general, because it is phrased in terms of data quality, which is a more general notion than the specific attributes of correctness and appropriateness

17 17 DOES INTEGRITY SUBSUME SECRECY? Top Secret Contents Label: Secret By Courtney and Federal Criteria definitions this is an integrity violation (if we expect labels to be correct)

18 18 HOMEWORK ASSIGNMENT Unclassified Contents Label: Secret Is this an integrity violation?

19 19 PANELISTS John Dobson Carl Landwehr LouAnna Notargiacomo Marv Schaefer

Download ppt "Title ON FOUR DEFINITIONS OF DATA INTEGRITY Ravi Sandhu George Mason University FIVE."

Similar presentations

Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
© 2004 Ravi Sandhu www.list.gmu.edu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.

© 2004 Ravi Sandhu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.
Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA.

Title Slide EVOLVING CRITERIA FOR INFORMATION SECURITY PRODUCTS Ravi Sandhu George Mason University Fairfax, Virginia USA.
George Mason University

George Mason University
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.

INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
ACCESS-CONTROL MODELS

ACCESS-CONTROL MODELS
1 TRANSACTION CONTROL EXPRESSIONS (TCEs) Ravi Sandhu.

1 TRANSACTION CONTROL EXPRESSIONS (TCEs) Ravi Sandhu.
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.

ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.

Future Directions in Role-Based Access Control Models Ravi Sandhu Co-Founder and Chief Scientist SingleSignOn.Net & Professor of Information Technology.
TOPIC CLARK-WILSON MODEL Ravi Sandhu.

TOPIC CLARK-WILSON MODEL Ravi Sandhu.
© 2004 Ravi Sandhu www.list.gmu.edu The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM) Ravi Sandhu Laboratory for Information Security Technology.

© 2004 Ravi Sandhu The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM) Ravi Sandhu Laboratory for Information Security Technology.
ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.

ROLE-BASED ACCESS CONTROL: A MULTI-DIMENSIONAL VIEW Ravi Sandhu, Edward Coyne, Hal Feinstein and Charles Youman Seta Corporation McLean, VA Ravi Sandhu.
© 2005 Ravi Sandhu www.list.gmu.edu Permissions and Inheritance (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.

© 2005 Ravi Sandhu Permissions and Inheritance (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.
1 Air Traffic Quality Assurance Program The Federal Aviation Administration Presented By: Gary D. Romero.

1 Air Traffic Quality Assurance Program The Federal Aviation Administration Presented By: Gary D. Romero.
0 - 0.

0 - 0.
MULTIPLYING MONOMIALS TIMES POLYNOMIALS (DISTRIBUTIVE PROPERTY)

MULTIPLYING MONOMIALS TIMES POLYNOMIALS (DISTRIBUTIVE PROPERTY)
SUBTRACTING INTEGERS 1. CHANGE THE SUBTRACTION SIGN TO ADDITION

SUBTRACTING INTEGERS 1. CHANGE THE SUBTRACTION SIGN TO ADDITION
MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
Addition Facts 1 - 20.

Addition Facts
CSC 405 Introduction to Computer Security

CSC 405 Introduction to Computer Security

Similar presentations

Ads by Google