Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.

Published byAusten Todd Modified over 9 years ago

Similar presentations

Presentation on theme: "1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006."— Presentation transcript:

1 1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006

2 2 Overview Layers Pattern Authorization Pattern RBAC Pattern Multilevel Security Pattern File Authorization Pattern Discussion

3 3 An instance of the layers pattern

4 4 Authorization Pattern Context: -- Any computational environment where there are active entities that request resources whose access must be controlled. Problem: -- How to describe allowable types of accesses by active computational entities to passive resources(protected objects) Forces: -- The authorization structure must be independent of the type of resource; -- Predicates or guards may restrict the use of authorization according to specific conditions; -- some of the authorizations may be delegated by their holders to other subjects.

5 5 Authorization Pattern Solution:

6 6 Authorization Pattern solution

7 7 Authorization Pattern Consequences: -- applies to any type of resources -- The predicts in the rules are a general representation of any conditions that may restrict the application of a rule. -- the copy flag in the rules controls transfer of rights. -- Some systems separate administrative authorizations from user authorizations for further security. -- the request may not need to specify the exact object in the rule, the object may be implied by an existing protected object. Known uses -- Corresponds to the components of the access matrix, a fundamental security model. -- Basis for the access control systems of most commercial products. Related Patterns -- RBAC pattern -- file authorization pattern

8 8 RBAC Pattern Context: -- User should get rights based on their job functions. Problem: -- How to assign rights to users according to their roles in an institution. Forces: -- People have different needs for access to information; -- define precise access rights for its members according to a need-to-know policy; -- Granting rights to individual users would require storing many authorization rules and it would also be hard to keep track of these rules; -- User may have more than one role; may want to enforce policies such as separation of duty; -- a role may be assigned to individual users or to a groups of users;

9 9 RBAC Pattern: Solution:

10 10 RBAC Pattern

11 11 RBAC Pattern Consequences: -- reduce the complexity of security; -- Institution policies about job functions can be reflected directly in the definition of roles and the assignment of users to roles; -- Roles can be structured for further flexibility and reduction of rules; -- Users can activate more than one session at a time for functional flexibility -- can add UML constraints -- reducing the number of authorization rules and the number of role assignments. -- Additional conceptual complexity; Known Uses: -- Basis of most research papers and implementations of this idea. -- implemented in a variety of commercial systems Related Patterns: -- authorization pattern(simple version) -- Role pattern and the abstract Session.

12 12 Multilevel Security Pattern Context -- data and documents have sensitivity levels. Users have clearances and can access documents based on their clearances. Problem -- How to decide access in an environment with security classifications. Forces -- The model should protect the confidentiality and integrity of data based on its sensitivity. -- The model should be able to be used at any architectural level. -- There could be different sets of rules to decide access. -- There must be a convenient way to assign users and data to classification levels.

13 13 Multilevel Security Pattern Solution:

14 14 Multilevel Security Pattern Consequence -- The classification of users and data is relatively simple. -- can be proved to be secure under certain assumptions. -- Implementations should use labels in data to indicate their classification. -- additionally need trusted programs to assign users and data to levels. -- hard to do or impossible in commercial. Known uses -- has been used by several military-sponsored projects and in a few commercial products. Related Patterns -- the concept of roles can also be applied here, role classifications can replace user classifications.

15 15 File Authorization Pattern Context: -- The users of operating systems need to define files. These files can be accessed from different authorized workstations and access to the files should be restricted to authorized users. Forces: -- There may be different categories of subjects. -- Subjects may be authorized to access files, directories, and workstations. -- A subject has a home directory for each authorized workstation, but the same home directory can be shared among several workstation or among several subjects. -- Users may be grouped for access -- Some systems may use roles instead of in addition to users as subjects. -- There are different implementations for the file systems of operating system.

16 16 File Authorization Pattern Solution :

17 17 File Authorization Pattern Consequences: -- can accommodate a variety of subjects -- access objects can be single files, directories, recursive structures -- Implied authorization is possible. -- Implementations are not forced to follow the access matrix model. --Some systems may not use authorizations for workstations. -- Most operating systems use read/write/execute as access types. Higher level types of access are possible. -- In most operating systems there is the concept of owner, a special type of user with all rights on the files he creates. -- In some systems, files are mapped to the virtual memory address space. The pattern still applies to this case. Know Uses -- represents the file systems of Unix, Windows, Linx and most current operating systems. Related patterns -- Composite pattern -- RBAC pattern

18 18 General Discussion The actual implementation depends on the architectural level where they are applied. -- Access Control Lists -- the use of capabilities -- control access to classes -- the use of metaclasses and reflection Need to add more patterns in each level Other security models -- Clark-Wilson model -- Chinese Wall model

Download ppt "1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006."

Similar presentations

Access Control CS461/ECE422 Fall 2011. Reading Material Chapter 4 through section 4.5 Chapters 23 and 24 – For the access control aspects of Unix and.

Access Control CS461/ECE422 Fall Reading Material Chapter 4 through section 4.5 Chapters 23 and 24 – For the access control aspects of Unix and.
Information Flow and Covert Channels November, 2006.

Information Flow and Covert Channels November, 2006.
Operating System Security

Operating System Security
1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
Database Systems: Design, Implementation, and Management Tenth Edition

Database Systems: Design, Implementation, and Management Tenth Edition
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Access Control Methodologies

Access Control Methodologies
Access Control Patterns Fatemeh Imani Mehr Amirkabir university of technology, Department of Computer Engineering & Information Technology.

Access Control Patterns Fatemeh Imani Mehr Amirkabir university of technology, Department of Computer Engineering & Information Technology.
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.

Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.

Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.

Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.
Chapter 2 Database Environment Pearson Education © 2014.

Chapter 2 Database Environment Pearson Education © 2014.
User Domain Policies.

User Domain Policies.
Role Based Access Control Models Presented By Ankit Shah 2 nd Year Master’s Student.

Role Based Access Control Models Presented By Ankit Shah 2 nd Year Master’s Student.
Policy, Models, and Trust 1. Security Policy A security policy is a well-defined set of rules that include the following: Subjects: the agents who interact.

Policy, Models, and Trust 1. Security Policy A security policy is a well-defined set of rules that include the following: Subjects: the agents who interact.
Lecture 7 Access Control

Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Similar presentations

Ads by Google