Security Function Interactions - PowerPoint PPT Presentation

Slides: 14
Provided by: moi16
Transcript and Presenter's Notes

1
Security Function Interactions
  • Pierre Bieber
  • Security architecture validation.
  • Composition of security functions.
  • Secure LAN access control functions.

2
Security Architecture
  • Multiple and heterogeneous security functions
  • SMAC protocol
  • Access Control Switch (ACS), Central Security
    Server (CSS), Security Sub-Network (SSN)
  • Internal/external host isolation

3
ITSEC Security Function Validation
  • Assurance-correctness
  • Formally model security functions
  • FOX firewall (Thomson Communications)
  • ITSEC level E4
  • B specification of packet filters, authentication
    protocol, ...
  • Security properties as invariants

4
ITSEC Security Function Interaction Validation
  • Assurance-effectiveness
  • Suitability analysis,
  • Binding analysis,
  • Vulnerability assessment.
  • Properties enforced by interacting security
    functions
  • Consistency: compose security functions
  • Suitability and circumvention: compose untrusted
    function with security functions

5
Composition Framework
  • Fiadeiro and Maibaum (COMMUNITY), Wiels and
    Michel (Moka).
  • Consistent composition of properties
  • Consistency constraint: Spec1 and Spec2 should be
    refinements of SharedSpec.
  • ComposedSpec is a minimal refinement of both
    Spec1 and Spec2.
  • Refinement: preservation of invariants

6
Modular description of SMAC

7
ACS Specification
  • Attributes
  • in : boolean // the host is using the medium
  • ok : boolean // the host is authorised to use
    the medium
  • Initialisation
  • init: in,ok := 0,0
  • Actions
  • use: in := 1 if ok
  • release: in := 0
  • granted: ok := 1
  • forbidden: in,ok := 0,0 if !in
  • Properties
  • in => ok // If the host is using the medium then
    it is authorised to use it

8
CSS Specification
  • Attributes
  • ok_I : boolean, // Internal hosts are authorised
    to use the medium
  • ok_E : boolean, // External hosts are authorised
    to use the medium
  • Initialisation
  • init: ok_I,ok_E := 0,0
  • Actions
  • grant_I: ok_I,ok_E := 1,0
  • grant_E: ok_I,ok_E := 0,1
  • Properties
  • !(ok_I & ok_E) // Internal and External hosts are
    never authorised simultaneously

9
Composition first step
  • Connections
  • Relate vocabulary (attribute and action names) of
    shared specification with vocabulary of
    specifications to be composed.
  • OneACS: dialogue between an internal ACS and
    CSS through SSN

10
Composition second step
  • Composed specification
  • Composed properties: conjunction of the images
    of the properties.
  • Consistency
  • OneACS: (ACS.in => ok) & !(ok & CSS.ok_E)
  • TwoACS: !(ACS1.in & ACS2.in)

11
Circumvention Analysis
  • Compose OneACS with OneHost
  • untrusted attributes and actions are connected
  • Consistent composition constraint is too weak
  • untrusted actions (use, release) interfere with
    ok and CSS.ok_E.

12
Secure Composition Constraint
  • Untrusted actions should not interfere with
    security attributes
  • Secure composition constraint: Secure causal
    dependency
  • action forbidden should not depend on the value
    of ACS.in
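
Slides 10 to 12 as an added example (not part of the original presentation): a small explicit-state check of OneACS showing that the composed invariant holds in every reachable state, while the guard of the trusted action forbidden still reads ACS.in, which only the untrusted actions use and release write. Assumptions: ACS.ok is identified with CSS.ok_I, granted is synchronised with grant_I, forbidden with grant_E, and OneHost is modelled only as the party that fires use and release.

```python
from itertools import product

ATTRS = ("in", "ok", "ok_E")      # state tuple; ACS.ok is identified with CSS.ok_I
INIT = (0, 0, 0)
# name: (guard, update, trusted). Assumed synchronisation:
# granted with CSS.grant_I, forbidden with CSS.grant_E.
ACTIONS = {
    "use":       (lambda i, ok, e: bool(ok), lambda i, ok, e: (1, ok, e), False),
    "release":   (lambda i, ok, e: True,     lambda i, ok, e: (0, ok, e), False),
    "granted":   (lambda i, ok, e: True,     lambda i, ok, e: (i, 1, 0),  True),
    "forbidden": (lambda i, ok, e: not i,    lambda i, ok, e: (0, 0, 1),  True),
}

def invariant(s):
    i, ok, e = s
    return (not i or ok) and not (ok and e)   # (in => ok) & !(ok & CSS.ok_E)

def reachable():
    """All states reachable from INIT by firing enabled actions."""
    seen, todo = {INIT}, [INIT]
    while todo:
        s = todo.pop()
        for guard, update, _ in ACTIONS.values():
            if guard(*s):
                t = update(*s)
                if t not in seen:
                    seen.add(t)
                    todo.append(t)
    return seen

def flip(s, k):
    return tuple(v ^ 1 if j == k else v for j, v in enumerate(s))

def insecure_dependencies():
    """Trusted actions whose guard depends on an attribute untrusted actions write."""
    states = list(product((0, 1), repeat=3))
    # attributes that some enabled untrusted action can change
    tainted = {k for g, u, trusted in ACTIONS.values() if not trusted
               for s in states if g(*s) for k in range(3) if u(*s)[k] != s[k]}
    # a guard depends on k if flipping k alone changes its value in some state
    return sorted((name, ATTRS[k]) for name, (g, _, trusted) in ACTIONS.items()
                  if trusted for k in tainted
                  if any(bool(g(*s)) != bool(g(*flip(s, k))) for s in states))

if __name__ == "__main__":
    reach = reachable()
    print("consistent:", all(invariant(s) for s in reach))
    print("insecure dependencies:", insecure_dependencies())
    print("forbidden disabled in:", [s for s in reach if not ACTIONS["forbidden"][0](*s)])
```

The composition is consistent, yet in the reachable state in=1, ok=1 the action forbidden stays disabled until the host chooses to release, which is the interference the secure composition constraint rules out.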

13
Conclusion
  • Security Architecture Validation
  • Model security function interactions
  • Secure and consistent composition constraints
  • refinement weak non-interference
  • secure composition constraint applied for
    untrusted/trusted interactions
  • Future work
  • Relation with current Assurance-effectiveness
    evaluation practices
  • Use models to generate intrusion tests
  • Apply the Modular Spec test-case generation
    method (M. Doche, FMICS)