MANDATORY FLOW CONTROL - PowerPoint PPT Presentation

1 / 20
About This Presentation
Title:

MANDATORY FLOW CONTROL

Description:

MANDATORY FLOW CONTROL Xiao Chen Fall2009 CSc 8320 * INDEX Section One: Basic Introduction Mandatory Flow Control Models Information Flow Control Lattice Model ... – PowerPoint PPT presentation

Number of Views:117
Avg rating:3.0/5.0
Slides: 21
Provided by: Hyde1
Learn more at: https://www.cs.gsu.edu
Category:

less

Transcript and Presenter's Notes

Title: MANDATORY FLOW CONTROL


1
MANDATORY FLOW CONTROL
  • Xiao Chen
  • Fall2009 CSc 8320

2
INDEX
  • Section One Basic Introduction
  • Mandatory Flow Control Models
  • Information Flow Control
  • Lattice Model
  • Multilevel Models
  • Section Two Contemporary Application
  • Windows Vista IE7 Implements Biba Model
  • Section Three Future Prospect
  • Improvement of P2P
  • References

3
Section One Basic Introduction
4
MANDATORY FLOW CONTROL MODELS
  • Definition
  • Mandatory access control refers to a type of
    access control by which the operating system
    constrains the ability of a subject to access or
    generally perform some sort of operation on an
    object or target.

5
MANDATORY FLOW CONTROL MODELS
  • Why is it necessary since we have discretionary
    security model?
  • With the advances in networks and distributed
    systems, it is necessary to broaden the scope to
    include the control of information flow between
    distributed nodes on a system wide basis rather
    than only individual basis like discretionary
    control.

6
Difference between Discretionary and Mandatory
access control 4
  • Mandatory access control, this security policy is
    centrally controlled by a security policy
    administrator users do not have the ability to
    override the policy and, for example, grant
    access to files that would otherwise be
    restricted.
  • By contrast, discretionary access control (DAC),
    which also governs the ability of subjects to
    access objects, allows users the ability to make
    policy decisions and/or assign security
    attributes.

7
Information Flow Control 1
  • Definition
  • Information Flow control is concerned with how
    information is disseminated or propagated from
    one object to another.
  • The security classes of all entities must be
    specified explicitly and the class of an entity
    seldom changes after it has been created

8
The Lattice Model
  • The best-known Information Flow Model
  • Based upon the concept of lattice whose
    mathematical meaning is a structure consisting of
    a finite partially ordered set together with a
    least upper bound and greatest lower bound
    operator on the set.

9
THE LATTICE MODEL
  • Lattice is a Directed Acyclic Graph(DAG) with a
    single source and sink.
  • Information is permitted to flow from a lower
    class to upper class.

10
Multilevel Security
  • Multilevel Security is a special case of the
    lattice-based information flow model. There are
    two well-known multilevel security models
  • The Bell-LaPadula Model focuses on
    confidentiality of information
  • The Biba Model focuses on system integrity

11
Bell-LaPadula Model
  • Need-to-know principle A subject is given access
    only to the objects that it requires to perform
    its jobs.
  • Security with respect to confidentiality in the
    Bell-LaPadula model is described by the following
    two axioms
  • Simple security property Reading information
    from an object o by a subject s requires that
    SC(s) dominates SC(o) no read up).
  • The -property Writing information to an object
    o by a subject s requires that SC(o) dominates
    SC(s).

12
Biba Model
  • Contrary to Bell-LaPadula model, in Biba model
    information can only flow from a higher integrity
    class to a lower integrity class.
  • Integrity levels form a linear lattice in which
    each level represents the classification of
    integrity of information an object can contain or
    the clearance of a subject for modifying an
    object.
  • Integrity categories form a subset lattice and
    are used to enforce the need-to-have principle.

13
Comparison of two Multilevel Models
  • The Bell-LaPadula Model is concerned with
    information confidentiality
  • subjects reading from an object must have higher
    security class than the object.
  • objects being written to by a subject must have
    higher security class than the subject.
  • The Biba model emphasizes information integrity
  • subjects writing information to an object must
    have higher security class than the object.
  • objects being read from by a subject must have
    higher security class than the subject.

14
SECTION TWO CONTEMPORARY APPLICATION
15
IE7 IMPLEMENTS BIBA MODEL2
  • According to the 2 rules of Biba Integrity Model
  • Simple Security Axiom A subject at a particular
    integrity level must not be able to read from an
    object of a lower integrity level. i.e. "No Read
    Down".
  • Star Property Axiom A subject at a particular
    level of integrity must not be able to write on
    to an object of higher integrity level. i.e. "No
    Write Up".

16
IE7 IMPLEMENTS BIBA MODEL 2
  • Keeping the integrity level of IE7 (Protected
    Mode) at low makes sure that any thread started
    by IE 7 will bear the same integrity level and
    thus would not be able to write to any
    folder/application in the system, which is at a
    higher integrity level (Star Property Axiom).
    Therefore the only folders where IE7 based
    programs can write into are the following, as
    they are assigned the same integrity level as
    IE7
  • Temporary Internet Files
  • Cookies
  • Recycle Bin
  • Various Registry keys, including ones under
    HKCU\Software\Microsoft\Internet Explorer

17
IE7 IMPLEMENTS BIBA MODEL2
  • On the other hand, if you want to save a file
    downloaded through IE7 on a local folder like "My
    Documents" , the application warns the user and
    informs him that this will require elevating the
    privileges to save the file on an alternate
    location.
  • If it's a .exe file that needs to be installed,
    IE 7 prompts for further elevation by asking for
    admin privilege password.

18
SECTION THREE FUTURE PROSPECT
19
FUTURE WORK
  • Multilevel models have been used mostly in
    military systems, although as we will see later,
    they are useful to control attacks to different
    parts of a system.
  • In particular, Joshi et al. Jos01 discuss the
    improvement of these models for web-based
    applications. They consider Role-based access
    control as the most suitable model but think that
    in the future it needs to be extended to consider
    dynamic and task-based aspects. This is a good
    direction for future work.3

20
REFERENCE
  • 1Distributed Operating Systems Algorithms,
    Randy Chow and Theodore Johnson, Addison Wesley,
    1997.
  • 2 IE7 Implements Biba Model http//ranjanajain.
    spaces.live.com/blog/cns!5F09EF6281DD4DB0!221.entr
    y?sa390277086
  • 3Eduardo B.Fernandez, Chapter 4. Security
    models, http//www.cse.fau.edu/ed/Ch4SecModels.pd
    f
  • 4 http//en.wikipedia.org/wiki/Mandatory_access_
    control
Write a Comment
User Comments (0)
About PowerShow.com