Advanced System Security

About This Presentation

Title:

Description:

Number of Views:19

Avg rating:3.0/5.0

Slides: 12

Provided by: xx48

Category:

Tags: advanced | clarence | security | system

Transcript and Presenter's Notes

Title: Advanced System Security

1
Advanced System Security

2
Models of Security

3
Models of Security

Want to build a model to represent a range of
sensitivities and to reflect need to separate
subjects from objects to which they should not
have access.
Use the lattice model of security
military security model where lt in the model is
the relation operator in the lattice (transitive,
antisymmetric)

4
Chapter 5 Confidentiality Policies

Confidentiality policy (information flow policy)
Military Security Policy
based on protecting classified information
Information access is limited by need-to-know
rule
Each piece of classified info is associated with
a compartment
Class (classification) - ltrank compartmentgt
Clearance - indication that person is trusted to
access info up to a certain level of sensitivity

5
Bell-LaPadula Model

was proposed by Bell and LaPadula of MITRE for
enforcing access control in government and
military applications.
It corresponds to military-style classifications.
In such applications, subjects and objects are
often partitioned into different security levels.
A subject can only access objects at certain
levels determined by his security level.
For instance, the following are two typical
access specifications Unclassified personnel
cannot read data at confidential levels'' and
Top-Secret data cannot be written into the
files at unclassified levels''

6
Informal Description

Simplest type of confidentiality classification
is a set of security clearances arranged in a
linear (total) ordering.
Clearances represent the security levels.
The higher the clearance, the more sensitive the
info.
Basic confidential classification system
individuals documents
Top Secret (TS) Tamara, Thomas Personnel Files
Secret (S) Sally, Samuel Electronic Mails
Confidential (C) Claire, Clarence Activity Log
Files
Unclassified (UC) Ulaley, Ursula Telephone Lists

7
Mandatory and Discretionary Access Control

Bell-LaPadula model combines Mandatory and
Discretionary Access Controls.
S has discretionary read (write) access to O
means that the access control matrix entry for S
and O corresponding to the discretionary access
control component contains a read (write) right.
A B C D OQS read(D)T
If the mandatory controls not present, S would be
able to read (write) O.

8
The Bell-LaPadula Model

Dominance
s lt O iff ranks lt ranko
and compartmentss lt compartmentso
Simple Security Condition S can read O iff lo lt
ls and S has discretionary read access to O.
(Clearance level of subject is at least as high
as that of the information)
-Property S can write O iff ls lt lo and S has
discretionary write access to O.
The -property is used to prevent write-down
(subject with access to high-level data transfers
that data by writing it to a low-level object.)
A secure system has both the simple security
condition and the -property.

9
The Bell-LaPadula Model

discretionary security property (ds property)
subjects may pass permission/clearance to other
subjects
A system is secure if it satisfies the simple
security condition, the -property, and the
discretionary security property.

10
The Bell-LaPadula Model

Get-read rule enables a subject s to request the
right to read an object o. preserves both the
simple security condition and the -property.
Give-read rule enables a subject s to give
subject t the (discretionary) right to read an
object o. preserves both the simple security
condition and the -property.

11
5.3 Tranquility

The principal of strong tranquility states that
security levels do not change during the lifetime
of the system.
The principal of weak tranquility states that
security levels do not change in a way that
violates the rules of a given security policy.

Write a Comment

User Comments (0)