Access Control MAC
CSCE 522 - Farkas, Lecture 17 (slide 2)

Reading assignments

Required for the access control classes:
- Ravi Sandhu and P. Samarati, Access Control: Principles and Practice, IEEE Communications, Volume 32, Number 9, September 1994. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.30.5029
- Ravi Sandhu, Lattice-Based Access Control Models, IEEE Computer, Volume 26, Number 11 (Cover Article), November 1993. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.54.8395
Mandatory Access Control

Objects carry a security classification, e.g., grades = (confidential, {student-info})
Subjects carry a security clearance, e.g., Joe = (confidential, {student-info})
Access rules are defined by comparing the security classification of the requested object with the security clearance of the subject, e.g., a subject can read an object only if label(subject) dominates label(object).
Mandatory Access Control

If the access control rules are satisfied, access is permitted.
e.g., Joe wants to read grades:
  label(Joe) = (confidential, {student-info})
  label(grades) = (confidential, {student-info})
  label(Joe) dominates label(grades), so Joe is permitted to read grades.
Note the granularity of access rights!
Mandatory Access Control

Security classes (labels): (A, C)
  A – authority level, a total order
  C – a set of categories
e.g., A: confidential > public; C ⊆ {student-info, dept-info}
The resulting eight labels, arranged from top to bottom by dominance:
  (confidential, {student-info, dept-info})
  (confidential, {student-info})   (confidential, {dept-info})   (public, {student-info, dept-info})
  (confidential, { })   (public, {student-info})   (public, {dept-info})
  (public, { })
Mandatory Access Control

Dominance (≥): label l = (A, C) dominates l' = (A', C') iff A ≥ A' and C ⊇ C'.
e.g., (confidential, {student-info}) ≥ (public, {student-info})
BUT (confidential, {student-info}) does not dominate (public, {student-info, department-info}), because {student-info} is not a superset of {student-info, department-info}.
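As an added example (not from the lecture slides), the label lattice and dominance relation above in Python: the eight security classes of the slide, the dominance test, incomparable labels, least upper and greatest lower bounds, and the cover edges that make up the lattice diagram. Level names and categories are the slide's own.

```python
from dataclasses import dataclass
from itertools import combinations

# Authority levels from the slide, total order: confidential > public
LEVELS = {"public": 0, "confidential": 1}
CATEGORIES = ("dept-info", "student-info")

@dataclass(frozen=True)
class Label:
    level: str
    cats: frozenset

def dominates(l, lp):
    """l=(A,C) dominates l'=(A',C') iff A >= A' and C is a superset of C'."""
    return LEVELS[l.level] >= LEVELS[lp.level] and l.cats >= lp.cats

def comparable(l, lp):
    """Lattice labels need not be comparable: neither may dominate the other."""
    return dominates(l, lp) or dominates(lp, l)

def lub(l, lp):
    """Least upper bound: max level, union of categories."""
    top = l if LEVELS[l.level] >= LEVELS[lp.level] else lp
    return Label(top.level, l.cats | lp.cats)

def glb(l, lp):
    """Greatest lower bound: min level, intersection of categories."""
    bottom = l if LEVELS[l.level] <= LEVELS[lp.level] else lp
    return Label(bottom.level, l.cats & lp.cats)

def all_labels():
    """The 2 x 2^2 = 8 security classes drawn on the slide."""
    subsets = [frozenset(s) for r in range(len(CATEGORIES) + 1)
               for s in combinations(CATEGORIES, r)]
    return [Label(a, c) for a in LEVELS for c in subsets]

def hasse_edges(labels):
    """Cover pairs (lower, upper) of the lattice diagram: upper strictly
    dominates lower and no third label sits between them."""
    edges = []
    for lo in labels:
        for hi in labels:
            if hi == lo or not dominates(hi, lo):
                continue
            between = any(m not in (lo, hi) and dominates(hi, m) and dominates(m, lo)
                          for m in labels)
            if not between:
                edges.append((lo, hi))
    return edges
```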
Bell-LaPadula (BLP) Model

- Confidentiality protection
- Lattice-based access control
- Subjects, objects, security labels
- Supports decentralized administration
BLP Reference Monitor

- All accesses are controlled by the reference monitor
- The reference monitor cannot be bypassed
- Access is allowed iff the resulting system state satisfies all security properties
- Trusted subjects: subjects trusted not to compromise security
BLP Axioms

1. Simple-security property: a subject s is allowed to read an object o only if the security label of s dominates the security label of o.
   "No read up." Applies to all subjects.
BLP Axioms

2. *-property: a subject s is allowed to write an object o only if the security label of o dominates the security label of s.
   "No write down." Applies to untrusted subjects only.
Blind Writes

A blind write is a write to an object whose label strictly dominates the subject's, so the subject cannot read back what it modifies. This permits improper modification of data. Most implementations disallow blind writes.
Tranquility

Read and write accesses are mediated based on the security labels of objects and subjects.
Read and write accesses are not atomic, i.e., they are sequences of operations that may be interrupted.
Example: a secret subject requests a read of a secret object. While the request is being processed, the subject lowers its level to unclassified => an unclassified subject has gained read access to a secret object.
Tranquility

Tranquility concerns changing security labels.
Strong tranquility: security labels of subjects and objects never change during an operation.
  Advantage: the system state always satisfies the security requirements.
  Disadvantage: not flexible.
Tranquility

Weak tranquility: security labels of subjects and objects never change in such a way as to violate the security policy.
  High watermark on subjects: during a read, a subject's security clearance may be upgraded.
  High watermark on objects: during a write, an object's security classification may be upgraded.
Discretionary Security Property

Every current access must be in the access matrix.
Trojan Horse and BLP

(Slide diagram) Black inserts a Trojan Horse (TH) into a shared program, the word processor. Brown uses the shared program; the TH reads the Employee file (Brown: read, write) and copies it to Black's Employee file (Black, Brown: read, write). Subjects and objects carry Secret and Public labels, and every access passes through the reference monitor.
Biba Model – Integrity Protection

- Integrity protection
- Lattice-based access control
- Subjects, objects, integrity labels
- Access control list
Integrity Labels

Hierarchical integrity levels, e.g., Crucial > Very important > Important
Non-hierarchical categories, e.g., {medical, personal, administrative}
Strict Integrity Policy

- Integrity *-property: a subject s can modify an object o only if the integrity level of s dominates the integrity level of o (no write up).
- Simple integrity property: a subject s can observe an object o only if the integrity label of s is dominated by the integrity label of o (no read down).
- Invocation property: a subject s1 can invoke a subject s2 only if the integrity label of s1 dominates the integrity label of s2.
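Added example, not from the slides: the two BLP axioms (with trusted subjects and the blind-write rule), the three Biba strict integrity rules, and the Trojan Horse scenario from the earlier slide run as a check. The Public/Secret ranks, and the assignment of Secret to Brown and the Employee file and Public to Black's file, are assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Label:
    level: int                       # rank in the total order (higher = more sensitive / more trusted)
    cats: frozenset = frozenset()    # non-hierarchical categories

PUBLIC, SECRET = 0, 1                # constructed ranks for the example (assumption)

def dominates(l, lp):
    """(A, C) dominates (A', C') iff A >= A' and C is a superset of C'."""
    return l.level >= lp.level and l.cats >= lp.cats

# ---- Bell-LaPadula: confidentiality ----
def blp_read(subject, obj):
    """Simple-security property: no read up. Applies to every subject."""
    return dominates(subject, obj)

def blp_write(subject, obj, trusted=False, allow_blind=False):
    """*-property: no write down; trusted subjects are exempt. A blind write
    (object strictly above the subject) is refused unless allow_blind is set."""
    if trusted:
        return True
    if not dominates(obj, subject):        # would be a write down
        return False
    if not allow_blind and not dominates(subject, obj):
        return False                        # subject cannot read obj: blind write
    return True

# ---- Biba strict integrity: the same dominance test, opposite direction ----
def biba_modify(subject, obj):
    """Integrity *-property: no write up."""
    return dominates(subject, obj)

def biba_observe(subject, obj):
    """Simple integrity property: no read down."""
    return dominates(obj, subject)

def biba_invoke(s1, s2):
    """Invocation property: s1 may invoke s2 only if label(s1) dominates label(s2)."""
    return dominates(s1, s2)

# Trojan Horse scenario (labels assumed): Brown runs the shared program carrying
# Black's TH, which reads the Employee file and tries to copy it to Black's file.
def trojan_horse_copy_allowed():
    brown = employee = Label(SECRET)
    blacks_employee = Label(PUBLIC)
    return blp_read(brown, employee), blp_write(brown, blacks_employee)
```

The reference monitor lets the TH read the Employee file (same label) but refuses the copy into Black's Public file as a write down.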
Next Class: Database Security