DOC PREVIEW
Pitt IS 2150 - SECURITY POLICIES

This preview shows page 1-2-3-19-20-39-40-41 out of 41 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 41 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 41 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 41 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 41 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 41 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 41 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 41 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 41 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 41 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

IS 2150 / TEL 2810IS 2150 / TEL 2810Introduction to SecurityJames JoshiAssociate Professor SISAssociate Professor, SISLecture 5September 28, 2010Security PoliciesSecurity PoliciesConfidentiality Policies1Objectives Understanding/defining security policy and nature of trust Overview of different policy modelsDefine/Understand existing Bell-LaPadulaDefine/Understand existing BellLaPadula model of confidentiality how lattice helps? Understand the Biba integrity model2Security Policies3Security Policy Defines what it means for a system to be secure Formally: Partitions a system into Set of secure (authorized) states() Set of non-secure (unauthorized) states Secure system is one that y Starts in authorized state Cannot enter unauthorized state4Secure System - ExampleUnauthorizedA B C DUnauthorizedstatesIs this Finite State Machine Secure?AuthorizedstatesIs this Finite State Machine Secure?Ais start state ?Bis start state ?Bis start state ?Cis start state ? How can this be made secure if not?5Suppose A, B, and Care authorized states ?Additional Definitions: Security breach: system enters an unauthorized state Let Xbe a set of entities, Ibe information.Ihasconfidentialitywith respect toXif no member ofIhas confidentialitywith respect to Xif no member of Xcan obtain information on IIhas integrity with respect to Xif all members of Xtrust ITrust I, its conveyance and storage (data integrity)Imaybe origin information or an identity (authentication)Iis a resource – its integrity implies it functions as it should (assurance)Ihas availabilitywith respect to Xif all members of Xcan access I Time limits (quality of service)6Confidentiality Policy Also known as information flow Transfer of rights Transfer of information without transfer of rights Temporal context Model often depends on trust Parts of system where information couldflowTrusted entity must participate to enable flow Highly developed in Military/Government7Integrity Policy Defines how information can be altered Entities allowed to alter data Conditions under which data can be altered Limits to change of dataElExamples: Purchase over $1000 requires signatureCheck over $10 000 must be approved by oneCheck over $10,000 must be approved by one person and cashed by anotherSeparation of duties : for preventing fraud8 Highly developed in commercial worldTrust Theories and mechanisms rest on some trust assumptions Administrator installs patch1. Trusts patch came from vendor, not tampered with in transit2. Trusts vendor tested patch thoroughlyTrusts vendor’s test environment corresponds to3.Trusts vendor’s test environment corresponds to local environment4.Trusts patch is installed correctly9pyTrust in Formal Verification Formal verification provides a formal mathematical proof that given input i, program Pproduces output o as specified Suppose a security-related program Sformally verified to work with operating system OWh h i d i iWhat are the assumptions during its installation?10Security Mechanism Policy describes what is allowedMechanismMechanism  Is an entity/procedure that enforces (part of) policy Example Policy: Students should not copy homework Mechanism: Disallow access to files owned by other users11Security Model A model that represents a particular policy or set of policiespolicy or set of policies Abstracts details relevant to analysisFocus on specific characteristics of policiesFocus on specific characteristics of policies E.g., Multilevel security focuses on information flow control12Security policies Military security policy Focuses on confidentialityCommercial security policyCommercial security policy Primarily IntegrityTransaction-oriented Begin in consistent state “Consistent” defined by specification Perform series of actions (transaction)Ati tb it tdActions cannot be interrupted If actions complete, system in consistent state If actions do not complete, system reverts to beginning (consistent) state13Access Control Discretionary Access Control (DAC) Owner determines access rightsg Typically identity-based access control: Owner specifies other users who have access Mandatory Access Control (MAC) Rules specify granting of access Also called rule-based access control14Access Control Originator Controlled Access Control (ORCON)(ORCON) Originator controls accessOriginator need not be owner!Originator need not be owner! Role Based Access Control (RBAC)Id tit d b lIdentity governed by role user assumes15Confidentiality PoliciesConfidentiality Policies16Confidentiality Policy Also known as information flow policy Integrity is secondary objective Eg. Military mission “date” Bell-LaPadula Model Formally models military requirementsFormally models military requirements Information has sensitivity levels or classification  Subjects have clearance Subjects with clearance are allowed access Multi-level access control or mandatory access control17Bell-LaPadula: Basics Mandatory access control  Entities are assigned security levels Subject has security clearance L(s) = ls Object has security classification L(o) = lo Simplest case: Security levels are arranged in a linear order li<li+1ExampleExampleTop secret > Secret > Confidential >Unclassified18“No Read Up” Information is allowed to flow up, not downSimple security property: pyppyscan read oif and only iflo≤ lsandshas discretionary read access to o- Combines mandatory(security levels) and discretionary(permission required)discretionary(permission required)- Prevents subjects from reading objects at higher levels (No Read Up rule)19“No Write Down” Information is allowed to flow up, not down*property pp yscan write oif and only ifls≤ lo andshas write access to o- Combines mandatory(security levels) and discretionary(permission required)discretionary(permission required)- Prevents subjects from writing to objects at lower levels (No Write Down rule)20Examplesecurity level subject objectTop SecretTamara Personnel FilespSecret Samuel E-Mail FilesConfidentialClaireActivity LogsConfidentialClaireActivity LogsUnclassified Ulaley Telephone Lists• Tamara can read which objects? And write?• Claire cannot read which objects? And


View Full Document

Pitt IS 2150 - SECURITY POLICIES

Documents in this Course
QUIZ

QUIZ

8 pages

Assurance

Assurance

40 pages

Load more
Download SECURITY POLICIES
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view SECURITY POLICIES and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view SECURITY POLICIES 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?