Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang1 A Comparison of Commercial and Military Computer Security Policies Authors:

Published byRosemary Hopkins Modified over 8 years ago

Similar presentations

Presentation on theme: "A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang1 A Comparison of Commercial and Military Computer Security Policies Authors:"— Presentation transcript:

1 A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang1 A Comparison of Commercial and Military Computer Security Policies Authors: D. Clark & D. Wilson IEEE Symposium on Security and Privacy, pp.184-194, IEEE,1987 “Any discussion of mechanisms to enforce computer security must involve a particular security policy that specifies the security goals the system must meet and the threats it must resist.” Presenter: Ivy Jiang

2 A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang2 About the Paper Military Security Policy defined by the Department of Defense Trusted Computer System Evaluation Criteria (the “Orange Book”)  Goal: classified information must not be disclosed to unauthorized individuals  Mechanism: Discretionary Control & Mandatory Controls Security Policy valid in Commercial Situation  Goal: ensure integrity of data to prevent fraud and errors  Mechanism: Well-formed Transaction & Separation of Duty Military VS Commercial  “There is a clear difference of emphasis in the military and commercial worlds”  Distinct mechanisms are required for enforcement of security policies in commercial system

3 A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang3 Compare to the Military Mechanism In the Commercial Mechanism Data item is not necessary associated with a particular security level Data item is manipulated by a restricted set of programs and programs must meet well formed transaction rules User is not given authority to read/write data User is given authority to execute certain program and this authority must meet separation of duty rules

4 A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang4 Appreciative Comment Provide statement to support that “Distinct mechanisms are required for enforcement of security policies in commercial system”  “Several security systems used in the commercial environment…...evaluated using the Orange Book……..they did not meet the mandatory requirements of the security model as described in the Orange Book”  “These packages are used commonly in industry and viewed as being rather effective in their meeting of industry requirement

5 A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang5 Critical Comment - #1 What is “lattice model”?  “We argue that a lattice model is not sufficient to characterize integrity policies”  Lattice model ?= mandatory control

6 A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang6 Critical Comment - #2 Is there overlap between two mechanisms?  “ There is not effective overlap between the mechanisms for the two”  “Incorporation of some form of integrity controls into the Orange Book might lead to systems that better meet the needs of both group”

7 A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang7 Question What is the proper emphasis of a security policy in the Military world? (Confidentiality, Integrity, Availability?)

Download ppt "A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang1 A Comparison of Commercial and Military Computer Security Policies Authors:"

Similar presentations

FREEDOM OF INFORMATION EXECUTIVE BRIEFING PART II.

FREEDOM OF INFORMATION EXECUTIVE BRIEFING PART II.
TOPIC CLARK-WILSON MODEL Ravi Sandhu.

TOPIC CLARK-WILSON MODEL Ravi Sandhu.
RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.
Operating System Security

Operating System Security
CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.
Security Models and Architecture

Security Models and Architecture
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.

1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.

Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
1 Clark Wilson Implementation Shilpa Venkataramana.

1 Clark Wilson Implementation Shilpa Venkataramana.
Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
Information Systems Security Security Architecture Domain #5.

Information Systems Security Security Architecture Domain #5.
CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.

CS526Topic 21: Integrity Models1 Information Security CS 526 Topic 21: Integrity Protection Models.
User Domain Policies.

User Domain Policies.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

Similar presentations

Ads by Google