Πανεπιστήμιο Αιγαίου Τμήμα μηχανικών πληροφοριακών & επικοινωνιακών συστημάτων. Ασφάλεια Συστημάτων. Πολιτικές. 15/1/2012 Π.
|
|
- Judith Horton
- 6 years ago
- Views:
Transcription
1 Πανεπιστήμιο Αιγαίου Τμήμα μηχανικών πληροφοριακών & επικοινωνιακών συστημάτων Ασφάλεια Συστημάτων Πολιτικές 1
2 Overview Access Control Models Security Policy Definition Trust Confidentiality Policy Integrity Policy Other types of Policy Policy Languages 2
3 3/5 Layers analysis Idealized Enforceable (Approximate) Codeable 3
4 Types of Access Control Discretionary Access Control (DAC) individual user sets access control mechanism to allow or deny access to an object Mandatory Access Control (MAC, rule-based) system mechanism controls access to object, and individual cannot alter that access Originator Controlled Access Control (ORCON) originator (creator) of information controls who can access information 4
5 ORCON Problem: organization creating document wants to control its dissemination Example: Secretary of Agriculture writes a memo for distribution to her immediate subordinates, and she must give permission for it to be disseminated further. This is originator controlled (here, the originator is a person). 5
6 Requirements Subject s S marks object o O as ORCON on behalf of organization X. X allows o to be disclosed to subjects acting on behalf of organization Y with the following restrictions: 1. o cannot be released to subjects acting on behalf of other organizations without X s permission; and 2. Any copies of o must have the same restrictions placed on it. 6
7 DAC Fails Owner can set any desired permissions This makes 2 unenforceable 7
8 MAC Fails First problem: category explosion Category C contains o, X, Y, and nothing else. If a subject y Y wants to read o, x X makes a copy o. Note o has category C. If y wants to give z Z a copy, z must be in Y by definition, it s not. If x wants to let w W see the document, need a new category C containing o, X, W. Second problem: abstraction MAC classification, categories centrally controlled, and access controlled by a centralized policy ORCON controlled locally 8
9 Combine Them The owner of an object cannot change the access controls of the object. When an object is copied, the access control restrictions of that source are copied and bound to the target of the copy. These are MAC (owner can t control them) The creator (originator) can alter the access control restrictions on a per-subject and perobject basis. This is DAC (owner can control it) 9
10 RBAC Access depends on function, not identity Example: Allison, bookkeeper for Math Dept, has access to financial records. She leaves. Betty hired as the new bookkeeper, so she now has access to those records The role of bookkeeper dictates access, not the identity of the individual. 10
11 ROLE HIERARCHIES USER-ROLE ASSIGNMENT PERMISSIONS-ROLE ASSIGNMENT USERS ROLES PERMISSIONS... SESSIONS CONSTRAINTS 11
12 Definitions Role r: collection of job functions trans(r): set of authorized transactions for r Active role of subject s: role s is currently in actr(s) Authorized roles of a subject s: set of roles s is authorized to assume authr(s) canexec(s, t) iff subject s can execute transaction t at current time 12
13 Axioms Let S be the set of subjects and T the set of transactions. Rule of role assignment: ( s S)( t T) [canexec(s, t) actr(s) ]. If s can execute a transaction, it has a role This ties transactions to roles Rule of role authorization: ( s S) [actr(s) authr(s)]. Subject must be authorized to assume an active role (otherwise, any subject could assume any role) 13
14 Axiom Rule of transaction authorization: S)( t T) [canexec(s, t) t trans(actr(s))]. ( s If a subject s can execute a transaction, then the transaction is an authorized one for the role s has assumed 14
15 Separation of Duty Let r be a role, and let s be a subject such that r auth(s). Then the predicate meauth(r) (for mutually exclusive authorizations) is the set of roles that s cannot assume because of the separation of duty requirement. Separation of duty: ( r 1, r 2 R) [ r 2 meauth(r 1 ) [ ( s S) [ r 1 authr(s) r 2 authr(s) ] ] ] 15
16 Key Points Hybrid policies deal with both confidentiality and integrity Different combinations of these ORCON model neither MAC nor DAC Actually, a combination RBAC model controls access based on functionality 16
17 Key Points Is RBAC MAC or DAC or neither? RBAC can be configured to do MAC RBAC can be configured to do DAC RBAC is policy neutral RBAC is neither MAC nor DAC! 17
18 Attribute Based Access Control (ABAC) Subject Attributes Associated with a subject (user, application, process) that defines the identity and characteristics of the subject E.g. identifier, name, job title, role Resource Attributes Associated with a resource (web service, system function, or data) Environment Attributes Describes the operational, technical, or situational environment or context in which the information access occurs E.g. current date time, current threat level, network security classification 18
19 ABAC Policy Formulation 1. S, R, and E are subjects, resources, and environments, respectively; 2. SA k (1 k K), RA m (1 m M), and EA n (1 n N) are the pre-defined attributes for subjects, resources, and environments, respectively; 3. ATTR(s), ATTR(r), and ATTR(e) are attribute assignment relations for subject s, resource r, and environment e, respectively: ATTR( s) SA SA... SA ATTR( r ) ATTR( e) RA EA RA EA EA K... RA M N 19
20 ABAC Policy Formulation (Cont d) 4. We also use the function notation for the value assignment of individual attributes. For example: Role(s) = Service Consumer ServiceOwner(r) = XYZ, Inc. CurrentDate(e) = In the most general form, a Policy Rule that decides on whether a subject s can access a resource r in a particular environment e, is a Boolean function of s, r, and e s attributes: Rule X : can _ access( s, r, e) f ( ATTR( s), ATTR( r ), ATTR( e)) The access control decision process in essence amounts to the evaluation of applicable policy rules in the policy store. 20
21 Policy Rule Examples Modeling conventional RBAC rules: User with role Manager may access the ApprovePurchase web service Rule 1 : can _ access( s, r, e) Role( s) = ' Manager ' Name( r ) = ' ApprovePurchase' Modeling richer access control semantics A resource may only be accessed by its owners Rule UserID( s) = OwnerID( r ) Modeling mandatory access control Classified files can be accessed by users with equal or higher clearance Rule 3 : can _ access( s, r, e) Clearance( s) 2 : can _ access( s, r, e) Classification( r ) 21
22 Online Entertainment Store Example Inspired by [Al-Kahtani & Sandhu 2003]: Streams movies to customers for a flat monthly fee Access Control Requirements Basic requirement: access control is based on user s age and the movies content ratings (R, PG-13, G) Advanced requirement: Suppose the store introduces membership classes (Premium, Regular) and would like to enforce a new policy that only Premium users can view New Releases Using RBAC: Basic policy: Need to create roles such as Adult, Juvenile, Child Advanced policy: Roles and permissions need to be doubled (e.g., Adult Premium, Adult Regular, ) I.e., given K subject attributes, total roles could be: K Range(SAk ) 1 22
23 Online Entertainment Store Example (Cont d) Using ABAC: Basic policy: No need to define explicit roles R1 : can _ access( u, m, e) ( Age( u) 21 Rating( m) { R, PG13, G}) ( 21 Age( u) 13 Rating( m) { PG13, G)} ( Age( u) < 13 Rating( m) { G}) Advanced policy: Only need to add a second rule and combine the two R2 : can _ access( u, m, ( MemberType( u) ( MemberType( u) MovieType( m) {' NewRelease' }) R3 : can _ access( u, m, e) = ' Premium' ) = ' Regular ' e) R1 R2 23
24 Comparison with (Pure) RBAC Models Inherent limitation in RBAC is the single dimension of roles Finer-grained access control policies often involve multiple subject and object attributes As more attributes are involved, number of roles and permissions needed to encode these attributes will grow exponentially, thereby making User Assignments and Permission Assignments difficult to manage Various research work has tried to extend the basic RBAC model, however most are constrained by the inherent limitations of RBAC Rule-based RBAC [Al-Kahtani & Sandhu 2003], Inclusion of subject-resource relationship [Barkley,Beznosov & Uppal 1999] Use-condition policies specified by stakeholders [Johnston et al. 1998] [Thompson et al. 1999] 24
25 Comparison with (Pure) RBAC Models (Cont d) RBAC usually needs centralized management of user-to-role and permission-to-role assignments Not well suited for a highly distributed environment Even more difficult when subject and resource belong to different security domains! RBAC doesn t consider environment attributes explicitly E.g., continuing with the previous example, suppose an additional requirement states Regular customers in general may not watch new releases, but may be allowed in promotional periods In ABAC, a new rule can be easily added, involving an environment attribute CurrentDate(e) RBAC doesn t handle MAC In ABAC, security labels can be treated naturally as attributes 25
26 ABAC Authorization Architecture The XACML authorization architecture readily supports ABAC Agnostic to the actual representation and formulation of policies Subject Resource PEP Subject AA Resource AA PDP ABAC Policy Authority Environment AA AA: Attribute Authority 26
27 Implementation Scenario Applying ABAC to Secure Web Services SOAP Client SA SOAP Msg 1 3 SOAP Message Handler Service Provider Web Service Identity Store SA EA 2 Policy Decision Service RA Service Registry Policy Admin. Service Policy Store Attribute & Policy Services 27
28 Towards End-to-End Attribute Based Information Security The ABAC policy and architecture models, though very powerful, only focus on authorization of requests from information consumers to providers The end-to-end security architecture requires more than just the access control model To utilize ABAC to its full potential, we need a systematic methodology around how attributes are managed throughout their life cycle: Attribute definition and provisioning ; Cryptographic mechanisms to bind attributes to subjects and objects they describe; Discovery mechanisms for attribute definitions and attribute assignments; A feedback loop through which attribute usage can be monitored and audited 28
29 Attribute Management Lifecycle Methodology Attribute Provisioning Attribute Binding Monitor & Feedback Attribute Based Information Security Attribute Discovery Attribute Based Access Control 29
30 Key points The ABAC model brings many advantages over traditional identity or role based models Intuitive to model and manage real-world access control policies More flexible and more powerful to represent complex, fine-grained access control semantics, which is especially suitable for the dynamic SOA / web services environment Management of security information is spread over a number of Attribute and Policy Authorities, possibly across organizational boundaries suitable for large-scale information sharing Reduces overall system complexity, allowing different system components (user directory, service registry, policy server, etc.) to focus on their respective administrative tasks To utilize the ABAC model to its full potential, many aspects of the entire attribute management life cycle needs to be considered, such as attribute provisioning, binding, discovery, and feedback loop All are potential research and engineering topics to be explored 30
31 Security Policy Policy partitions system states into: Authorized (secure) These are states the system can enter Unauthorized (nonsecure) If the system enters any of these states, it s a security violation Secure system Starts in authorized state Never enters unauthorized state 31
32 Confidentiality X set of entities, I information I has confidentiality property with respect to X if no x X can obtain information from I I can be disclosed to others Example: X set of students I final exam answer key I is confidential with respect to X if students cannot obtain final exam answer key 32
33 Integrity X set of entities, I information I has integrity property with respect to X if all x X trust information in I Types of integrity: trust I, its conveyance and protection (data integrity) I information about origin of something or an identity (origin integrity, authentication) I resource: means resource functions as it should (assurance) 33
34 Availability X set of entities, I resource I has availability property with respect to X if all x X can access I Types of availability: traditional: x gets access or not quality of service: promised a level of access (for example, a specific level of bandwidth) and not meet it, even though some access is achieved 34
35 Policy Models Abstract description of a policy or class of policies Focus on points of interest in policies Security levels in multilevel security models Separation of duty in Clark-Wilson model Conflict of interest in Chinese Wall model 35
36 Types of Security Policies Military (governmental) security policy Policy primarily protecting confidentiality Commercial security policy Policy primarily protecting integrity Confidentiality policy Policy protecting only confidentiality Integrity policy Policy protecting only integrity 36
37 Integrity and Transactions Begin in consistent state Consistent defined by specification Perform series of actions (transaction) Actions cannot be interrupted If actions complete, system in consistent state If actions do not complete, system reverts to beginning (consistent) state 37
38 Trust Administrator installs patch 1. Trusts patch came from vendor, not tampered with in transit 2. Trusts vendor tested patch thoroughly 3. Trusts vendor s test environment corresponds to local environment 4. Trusts patch is installed correctly 38
39 Trust in Formal Verification Gives formal mathematical proof that given input i, program P produces output o as specified Suppose a security-related program S formally verified to work with operating system O What are the assumptions? 39
40 Trust in Formal Methods 1. Proof has no errors Bugs in automated theorem provers 2. Preconditions hold in environment in which S is to be used 3. S transformed into executable S whose actions follow source code Compiler bugs, linker/loader/library problems 4. Hardware executes S as intended Hardware bugs (Pentium f00f bug, for example) 40
41 Question Policy disallows cheating Includes copying homework, with or without permission CS class has students do homework on computer Anne forgets to read-protect her homework file Bill copies it Who cheated? Anne, Bill, or both? 41
42 Answer Part 1 Bill cheated Policy forbids copying homework assignment Bill did it System entered unauthorized state (Bill having a copy of Anne s assignment) If not explicit in computer security policy, certainly implicit Not credible that a unit of the university allows something that the university as a whole forbids, unless the unit explicitly says so 42
43 Answer Part 2 Anne didn t protect her homework Not required by security policy She didn t breach security If policy said students had to readprotect homework files, then Anne did breach security She didn t do this 43
44 Mechanisms Entity or procedure that enforces some part of the security policy Access controls (like bits to prevent someone from reading a homework file) Disallowing people from bringing CDs and floppy disks into a computer facility to control what is placed on systems 44
45 Key Points Policies describe what is allowed Mechanisms control how policies are enforced Trust underlies everything 45
46 Confidentiality Policies What is a confidentiality model Goals of Confidentiality Model Bell-LaPadula Model Informally Example Instantiation 46
47 Confidentiality Policy Goal: prevent the unauthorized disclosure of information Deals with information flow Integrity incidental Multi-level security models are bestknown examples Bell-LaPadula Model basis for many, or most, of these 47
48 Bell-LaPadula Model, Step 1 Security levels arranged in linear ordering Top Secret: highest Secret Confidential Unclassified: lowest Levels consist of security clearance L(s) Objects have security classification L(o) 48
49 Example security level subject object Top Secret Tamara Personnel Files Secret Samuel Files Confidential Claire Activity Logs Unclassified Ulaley Telephone Lists Tamara can read all files Claire cannot read Personnel or Files Ulaley can only read Telephone Lists Slide #5-49
50 Reading Information Information flows up, not down Reads up disallowed, reads down allowed Simple Security Condition (Step 1) Subject s can read object o iff L(o) L(s) and s has permission to read o Note: combines mandatory control (relationship of security levels) and discretionary control (the required permission) Sometimes called no reads up rule 50
51 Writing Information Information flows up, not down Writes up allowed, writes down disallowed *-Property (Step 1) Subject s can write object o iff L(s) L(o) and s has permission to write o Note: combines mandatory control (relationship of security levels) and discretionary control (the required permission) Sometimes called no writes down rule 51
52 Basic Security Theorem, Step 1 If a system is initially in a secure state, and every transition of the system satisfies the simple security condition, step 1, and the *-property, step 1, then every state of the system is secure Proof: induct on the number of transitions 52
53 Bell-LaPadula Model, Step 2 Expand notion of security level to include categories Security level is (clearance, category set) Examples ( Top Secret, { NUC, EUR, ASI } ) ( Confidential, { EUR, ASI } ) ( Secret, { NUC, ASI } ) 53
54 Levels and Lattices (A, C) dom (A, C ) iff A A and C C Examples (Top Secret, {NUC, ASI}) dom (Secret, {NUC}) (Secret, {NUC, EUR}) dom (Confidential,{NUC, EUR}) (Top Secret, {NUC}) dom (Confidential, {EUR}) Let C be set of classifications, K set of categories. Set of security levels L = C K, dom form lattice lub(l) = (max(a), C) glb(l) = (min(a), ) 54
55 Levels and Ordering Security levels partially ordered Any pair of security levels may (or may not) be related by dom dominates serves the role of greater than in step 1 greater than is a total ordering, though 55
56 Reading Information Information flows up, not down Reads up disallowed, reads down allowed Simple Security Condition (Step 2) Subject s can read object o iff L(s) dom L(o) and s has permission to read o Note: combines mandatory control (relationship of security levels) and discretionary control (the required permission) Sometimes called no reads up rule 56
57 Writing Information Information flows up, not down Writes up allowed, writes down disallowed *-Property (Step 2) Subject s can write object o iff L(o) dom L(s) and s has permission to write o Note: combines mandatory control (relationship of security levels) and discretionary control (the required permission) Sometimes called no writes down rule 57
58 Basic Security Theorem, Step 2 If a system is initially in a secure state, and every transition of the system satisfies the simple security condition, step 2, and the *- property, step 2, then every state of the system is secure Proof: induct on the number of transitions In actual Basic Security Theorem, discretionary access control treated as third property, and simple security property and *-property phrased to eliminate discretionary part of the definitions but simpler to express the way done here. 58
59 Problem Colonel has (Secret, {NUC, EUR}) clearance Major has (Secret, {EUR}) clearance Major can talk to colonel ( write up or read down ) Colonel cannot talk to major ( read up or write down ) Clearly absurd! 59
60 Solution Define maximum, current levels for subjects maxlevel(s) dom curlevel(s) Example Treat Major as an object (Colonel is writing to him/her) Colonel has maxlevel (Secret, { NUC, EUR }) Colonel sets curlevel to (Secret, { EUR }) Now L(Major) dom curlevel(colonel) Colonel can write to Major without violating no writes down Does L(s) mean curlevel(s) or maxlevel(s)? Formally, we need a more precise notation 60
61 Integrity Policies Overview Requirements Biba s models Clark-Wilson model 61
62 Requirements of Policies (Lipner 1982) 1. Users will not write their own programs, but will use existing production programs and databases. 2. Programmers will develop and test programs on a nonproduction system; if they need access to actual data, they will be given production data via a special process, but will use it on their development system. 3. A special process must be followed to install a program from the development system onto the production system. 4. The special process in requirement 3 must be controlled and audited. 5. The managers and auditors must have access to both the system state and the system logs that are generated. 62
63 Basic Principles Separation of duty Separation function Auditing 63
64 Intuition for Integrity Levels The higher the level, the more confidence That a program will execute correctly That data is accurate and/or reliable Note relationship between integrity and trustworthiness Important point: integrity levels are not security levels 64
65 Clark-Wilson Integrity Model Integrity defined by a set of constraints Data in a consistent or valid state when it satisfies these Example: Bank D today s deposits, W withdrawals, YB yesterday s balance, TB today s balance Integrity constraint: D + YB W Well-formed transaction move system from one consistent state to another Issue: who examines, certifies transactions done correctly? 65
66 Entities CDIs: constrained data items Data subject to integrity controls UDIs: unconstrained data items Data not subject to integrity controls IVPs: integrity verification procedures Procedures that test the CDIs conform to the integrity constraints TPs: transaction procedures Procedures that take the system from one valid state to another 66
67 Certification Rules 1 and 2 CR1 When any IVP is run, it must ensure all CDIs are in a valid state CR2 For some associated set of CDIs, a TP must transform those CDIs in a valid state into a (possibly different) valid state Defines relation certified that associates a set of CDIs with a particular TP Example: TP balance, CDIs accounts, in bank example 67
68 Enforcement Rules 1 and 2 ER1 The system must maintain the certified relations and must ensure that only TPs certified to run on a CDI manipulate that CDI. ER2 The system must associate a user with each TP and set of CDIs. The TP may access those CDIs on behalf of the associated user. The TP cannot access that CDI on behalf of a user not associated with that TP and CDI. System must maintain, enforce certified relation System must also restrict access based on user ID (allowed relation) 68
69 Users and Rules CR3 The allowed relations must meet the requirements imposed by the principle of separation of duty. ER3 The system must authenticate each user attempting to execute a TP Type of authentication undefined, and depends on the instantiation Authentication not required before use of the system, but is required before manipulation of CDIs (requires using TPs) 69
70 Logging CR4 All TPs must append enough information to reconstruct the operation to an append-only CDI. This CDI is the log Auditor needs to be able to determine what happened during reviews of transactions 70
71 Handling Untrusted Input CR5 Any TP that takes as input a UDI may perform only valid transformations, or no transformations, for all possible values of the UDI. The transformation either rejects the UDI or transforms it into a CDI. In bank, numbers entered at keyboard are UDIs, so cannot be input to TPs. TPs must validate numbers (to make them a CDI) before using them; if validation fails, TP rejects UDI 71
72 Separation of Duty In Model ER4 Only the certifier of a TP may change the list of entities associated with that TP. No certifier of a TP, or of an entity associated with that TP, may ever have execute permission with respect to that entity. Enforces separation of duty with respect to certified and allowed relations 72
73 Comparison With Requirements 1. Users can t certify TPs, so CR5 and ER4 enforce this 2. Procedural, so model doesn t directly cover it; but special process corresponds to using TP No technical controls can prevent programmer from developing program on production system; usual control is to delete software tools 3. TP does the installation, trusted personnel do certification 73
74 Comparison With Requirements 4. CR4 provides logging; ER3 authenticates trusted personnel doing installation; CR5, ER4 control installation procedure New program UDI before certification, CDI (and TP) after 5. Log is CDI, so appropriate TP can provide managers, auditors access Access to state handled similarly 74
75 Hybrid Policies Chinese Wall Model Focuses on conflict of interest CISS Policy Combines integrity and confidentiality 75
76 Chinese Wall Model Problem: Tony advises American Bank about investments He is asked to advise Toyland Bank about investments Conflict of interest to accept, because his advice for either bank would affect his advice to the other bank 76
77 Organization Organize entities into conflict of interest classes Control subject accesses to each class Control writing to all classes to ensure information is not passed along in violation of rules Allow sanitized data to be viewed by everyone 77
78 Definitions Objects: items of information related to a company Company dataset (CD): contains objects related to a single company Written CD(O) Conflict of interest class (COI): contains datasets of companies in competition Written COI(O) Assume: each object belongs to exactly one COI class 78
79 Example Bank COI Class Gasoline Company COI Class Bank of America Shell Oil Standard Oil Citibank Bank of the W est Union 76 ARCO 79
80 Temporal Element If Anthony reads any CD in a COI, he can never read another CD in that COI Possible that information learned earlier may allow him to make decisions later Let PR(S) be set of objects that S has already read 80
81 CW-Simple Security Condition s can read o iff either condition holds: 1. There is an o such that s has accessed o and CD(o ) = CD(o) Meaning s has read something in o s dataset 2. For all o O, o PR(s) COI(o ) COI(o) Meaning s has not read any objects in o s conflict of interest class Ignores sanitized data (see below) Initially, PR(s) =, so initial read request granted 81
82 Sanitization Public information may belong to a CD As is publicly available, no conflicts of interest arise So, should not affect ability of analysts to read Typically, all sensitive data removed from such information before it is released publicly (called sanitization) Add third condition to CW-Simple Security Condition: 3. o is a sanitized object 82
83 Writing Anthony, Susan work in same trading house Anthony can read Bank 1 s CD, Gas CD Susan can read Bank 2 s CD, Gas CD If Anthony could write to Gas CD, Susan can read it Hence, indirectly, she can read information from Bank 1 s CD, a clear conflict of interest 83
84 CW-*-Property s can write to o iff both of the following hold: 1. The CW-simple security condition permits s to read o; and 2. For all unsanitized objects o, if s can read o, then CD(o ) = CD(o) Says that s can write to an object if all the (unsanitized) objects it can read are in the same dataset 84
85 Compare to Bell-LaPadula Fundamentally different CW has no security labels, B-LP does CW has notion of past accesses, B-LP does not Bell-LaPadula cannot track changes over time Susan becomes ill, Anna needs to take over C-W history lets Anna know if she can No way for Bell-LaPadula to capture this The Bell-Lpadula model cannot emulate the CW Model 85
86 Compare to Clark-Wilson Clark-Wilson Model covers integrity, so consider only access control aspects If subject is a specific person and includes all processes the subject executes, then consistent with Clark-Wilson Model 86
87 S&P Policy Languages A complete policy management framework must support policy specification, policy analysis, verification and validation and enforcement. More precisely it must include a policy specification language that allows the expression of policies, built-in support and authoring tool for policy creation (policy editors and policy definition environments, like syntax checkers), verification, consistency analysis (and redundancy) and conflict detection and resolution (in case of multiple policies, to ensure the correctness and quality of the policies specified). For conflict resolution and detection there are rule and policy combination algorithms. a policy deployment model for the distribution of policies into enforcement points. a policy analysis mechanism for making the correct policy enforcement decisions (this usually a distinct component called decision engine). a policy monitoring and enforcement mechanism that facilitates the identification and execution of policy actions. Generally, there are (at least) two main levels of policy definition: A Low level Policy language that it is specified to match system capabilities. A High level Policy that it depends on the end-goal and it is relatively independent of the underlying technology. 87
88 High-level policy language Formalism-based Languages A graph-based policy language states the policy in terms of a graph. A petrinet-based policy language expresses the valid (i.e. policy compliant behaviour) of a system by means of a petri net. A logic-based policy language states the policy in terms of formulas of an appropriate logic such as first-order logic or firstorder linear temporal logic. Non-formalism-based languages A rule-based policy language A non-formalism-based property declaration policy language. A programming language based policy language. Passive/active languages. Declarative/imperative languages. 88
89 S&P Policy Languages - Examples Platform for Privacy Preferences (P3P), A P3P Preference Exchange Language (APPEL), Customer Profile Exchange (CPExchange), Privacy Rights Markup Language (PRML), XML Access Control Language (XACL), Platform for Enterprise Privacy Practices (E-P3P), Security Assertion Markup Language (SAML), Rei, extensible Access Control Markup Language (XACML), Enterprise Privacy Authorization Language (EPAL), X-Path Based Preference Language (XPref), Declarative Privacy Authorization Language (DPAL), Geographic Location / Privacy (Geopriv). 89
90 S&P Policy Languages - Examples 90
CSE509: (Intro to) Systems Security
CSE509: (Intro to) Systems Security Fall 2012 Radu Sion Integrity Policies Hybrid Policies 2005-12 parts by Matt Bishop, used with permission Integrity Policies: Overview Requirements Very different than
More informationChapter 7: Hybrid Policies
Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Slide #7-1 Overview Chinese Wall Model Focuses on conflict of interest CISS Policy Combines
More informationChapter 6: Integrity Policies
Chapter 6: Integrity Policies Overview Requirements Biba s models Clark-Wilson model Slide #6-1 Overview Requirements Very different than confidentiality policies Biba s model Clark-Wilson model Slide
More informationMay 1: Integrity Models
May 1: Integrity Models Biba Clark-Wilson Comparison Trust models May 1, 2017 ECS 235B Spring Quarter 2017 Slide #1 Integrity Overview Requirements Very different than confidentiality policies Biba s models
More informationIntegrity Policies. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Integrity Policies Murat Kantarcioglu Requirements of Policies for Commercial Applications [Lipner 1982] 1. Users will not write their own
More informationIntroduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Lecture 6 October 6, 2009 Hybrid Models Role based Access Control 1 Objective Define/Understand various Integrity models
More informationCS 392/ CS Computer Security. Nasir Memon Polytechnic University Module 7 Security Policies
CS 392/ CS 681 - Computer Security Nasir Memon Polytechnic University Module 7 Security Policies Course Logistics Security Week Questions about Midterm grading Read parts of chapters 4, 5, 6 and 7. Homework
More informationInformation Security & Privacy
IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Hybrid Models Role based Access Control Feb 3, 2016 1 Objective Define/Understand various Integrity models Clark-Wilson
More informationCS52600: Information Security
CS52600: Information Security Policy 13 September 2010 Prof. Chris Clifton Security Policy What is a security policy? Defines what it means for a system to be secure Formally: Partition system into Secure
More informationAccess Control Models Part II
Access Control Models Part II CERIAS and CS &ECE Departments Pag. 1 Introduction Other models: The Chinese Wall Model it combines elements of DAC and MAC RBAC Model it is a DAC model; however, it is sometimes
More informationCCM Lecture 14. Security Models 2: Biba, Chinese Wall, Clark Wilson
CCM 4350 Lecture 14 Security Models 2: Biba, Chinese Wall, Clark Wilson Introduction Bell-LaPadula model designed to capture a specific military security policy. At one time treated as the model of security.
More informationAccess Control Models
Access Control Models Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University E-mail: natarajan.meghanathan@jsums.edu Access Control Models Access Control to regulate
More informationAccess Control. Discretionary Access Control
Access Control Discretionary Access Control 1 Outlines Access Control Discretionary Access Control (DAC) Mandatory Access Control (MAC) Role-Based Access Control (RBAC) 2 Access Control Access control
More informationAccess control models and policies. Tuomas Aura T Information security technology
Access control models and policies Tuomas Aura T-110.4206 Information security technology 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline 2 ACCESS CONTROL 3 Access control
More informationSecurity Models Trusted Zones SPRING 2018: GANG WANG
Security Models Trusted Zones SPRING 2018: GANG WANG Access Control Slides credit to Ethan L. Miller and Scott A. Brandt Protection Domains Three protection domains Each lists objects with permitted operations
More informationMechanisms. Entity or procedure that enforces some part of the security policy
Mechanisms Entity or procedure that enforces some part of the security policy Access controls (like bits to prevent someone from reading a homework file) Disallowing people from bringing CDs and floppy
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 11 - Access Control October 10, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06/ Access Control System Protection Domain What can be accessed by a process Default
More informationDiscretionary Vs. Mandatory
Discretionary Vs. Mandatory Discretionary access controls (DAC) Privilege propagated from one subject to another Possession of an access right is sufficient to access the object Mandatory access controls
More informationComputer Security. Access control. 5 October 2017
Computer Security Access control 5 October 2017 Policy and mechanism A security policy is a statement of what is, and what is not, allowed. A security mechanism is a method, tool or procedure for enforcing
More informationLast time. User Authentication. Security Policies and Models. Beyond passwords Biometrics
Last time User Authentication Beyond passwords Biometrics Security Policies and Models Trusted Operating Systems and Software Military and Commercial Security Policies 9-1 This time Security Policies and
More informationAdvanced Access Control. Role-Based Access Control. Common Concepts. General RBAC Rules RBAC96
Advanced Access Control In many cases, identity is a bad criteria for authorization. We examine two modern paradigms for access control, which overcome this limitation: 1. Role-Based Access Control 2.
More informationCIS433/533 - Introduction to Computer and Network Security. Access Control
CIS433/533 - Introduction to Computer and Network Security Access Control Professor Butler Winter 2011 Computer and Information Science Trusted Computing Base The trusted computing base is the infrastructure
More informationAccess Control (slides based Ch. 4 Gollmann)
Access Control (slides based Ch. 4 Gollmann) Preliminary Remarks Computer systems and their use have changed over the last three decades. Traditional multi-user systems provide generic services to their
More informationAccess control models and policies
Access control models and policies Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2013 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline
More informationPolicy, Models, and Trust
Policy, Models, and Trust 1 Security Policy A security policy is a well-defined set of rules that include the following: Subjects: the agents who interact with the system, Objects:the informational and
More informationP1_L6 Mandatory Access Control Page 1
P1_L6 Mandatory Access Control Page 1 We discussed access control in the last lesson. But that was only one kind of access control called discretionary access control, or DAC. That allows you to decide
More informationAccess control models and policies
Access control models and policies Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2011 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline
More informationSecurity Principles and Policies CS 136 Computer Security Peter Reiher January 15, 2008
Security Principles and Policies CS 136 Computer Security Peter Reiher January 15, 2008 Page 1 Outline Security terms and concepts Security policies Basic concepts Security policies for real systems Page
More informationOperating System Security. Access control for memory Access control for files, BLP model Access control in Linux file systems (read on your own)
Operating System Security Access control for memory Access control for files, BLP model Access control in Linux file systems (read on your own) Hw1 grades out this Friday Announcement Travel: out of town
More informationCPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME:
CPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME: There are 6 questions on this quiz. Each question is individually weighted. If you do not understand the question, please ask for clarification. 1 I. (24
More informationLecture 5: Integrity Models
CS 591: Introduction to Computer Security Lecture 5: Integrity Models James Hook (Some materials from Bishop, copyright 2004) Last lecture Discussion? Last Lecture Bell LaPadula Confidentiality Lattice
More informationComputer Security 3e. Dieter Gollmann. Chapter 5: 1
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 5: 1 Chapter 5: Access Control Chapter 5: 2 Introduction Access control: who is allowed to do what? Traditionally, who is a person.
More informationComplex Access Control. Steven M. Bellovin September 10,
Complex Access Control Steven M. Bellovin September 10, 2013 1 Access Control Matrix List all proceses and files in a matrix Each row is a process ( subject ) Each column is a file ( object ) Each matrix
More informationAsset Analysis -I. 1. Fundamental business processes 2.Critical ICT resources for these processes 3.The impact for the organization if
Asset Analysis Asset Analysis -I It discovers the assets that result in an impact (a loss for the organization) if successfully attacked It should discover which ICT resources an organization needs to
More informationLecture 4: Bell LaPadula
CS 591: Introduction to Computer Security Lecture 4: Bell LaPadula James Hook Objectives Introduce the Bell LaPadula framework for confidentiality policy Discuss realizations of Bell LaPadula References:
More informationModule 4: Access Control
Module 4: Access Control Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University, Jackson, MS 39232 E-mail: natarajan.meghanathan@jsums.edu Access Control In general,
More informationCCM Lecture 12. Security Model 1: Bell-LaPadula Model
CCM 4350 Lecture 12 Security Model 1: Bell-LaPadula Model Why Security Models? When we have implemented a security policy, do we know that it will (and can) be enforced? E.g., if policies get too intricate,
More informationCS 591: Introduction to Computer Security. Lecture 3: Policy
CS 591: Introduction to Computer Security Lecture 3: Policy James Hook Objectives Explore what a security policy is; develop a vocabulary to discuss policies Examine the role of trust in policy 1 What
More informationIdentity, Authentication and Authorization. John Slankas
Identity, Authentication and Authorization John Slankas jbslanka@ncsu.edu Identity Who or what a person or thing is; a distinct impression of a single person or thing presented to or perceived by others;
More informationLabels and Information Flow
Labels and Information Flow Robert Soulé March 21, 2007 Problem Motivation and History The military cares about information flow Everyone can read Unclassified Few can read Top Secret Problem Motivation
More informationCS 356 Lecture 7 Access Control. Spring 2013
CS 356 Lecture 7 Access Control Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive,
More informationAdvanced Systems Security: Integrity
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationDAC vs. MAC. Most people familiar with discretionary access control (DAC)
p. 1/1 DAC vs. MAC Most people familiar with discretionary access control (DAC) - Example: Unix user-group-other permission bits - Might set a fileprivate so only groupfriends can read it Discretionary
More informationAdvanced Systems Security: Integrity
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationChapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao
Chapter 9: Database Security: An Introduction Nguyen Thi Ai Thao thaonguyen@cse.hcmut.edu.vn Spring- 2016 Outline Introduction to Database Security Issues Types of Security Threats to databases Database
More informationAccess Control Mechanisms
Access Control Mechanisms Week 11 P&P: Ch 4.5, 5.2, 5.3 CNT-4403: 26.March.2015 1 In this lecture Access matrix model Access control lists versus Capabilities Role Based Access Control File Protection
More informationCSE361 Web Security. Access Control. Nick Nikiforakis
CSE361 Web Security Access Control Nick Nikiforakis nick@cs.stonybrook.edu Access Control: introduction How do we protect our confidential data from unauthorized usage? Two important cases: An attacker
More informationVerifiable Security Goals
C H A P T E R 5 Verifiable Security Goals 57 In this chapter, we examine access control models that satisfy the mandatory protection system of Definition 2.4 in Chapter 2. A mandatory protection system
More informationIssues of Operating Systems Security
ECAI 2007 - International Conference Second Edition Electronics, Computers and Artificial Intelligence 29 th 30 th June, 2007, Piteşti, ROMÂNIA Issues of Operating Systems Security Academy of Economic
More informationDion Model. Objects and their classification
Dion Model (1981) Proposed as a mandatory policy which protects the secrecy and integrity together. Combines the principles of the BLP and Biba models (strict consistency policy) No discretionary policy
More informationAdvanced Systems Security: Integrity
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationAccess Control Part 1 CCM 4350
Access Control Part 1 CCM 4350 Overview of Access Control Lectures Three Lectures on Access Control following D. Gollmann. Computer Security. Wiley: Chapter 4. Part 1: Authorisation and Access Operation
More informationIBM Security Identity Manager Version Planning Topics IBM
IBM Security Identity Manager Version 7.0.1 Planning Topics IBM IBM Security Identity Manager Version 7.0.1 Planning Topics IBM ii IBM Security Identity Manager Version 7.0.1: Planning Topics Table of
More informationCSE 127: Computer Security. Security Concepts. Kirill Levchenko
CSE 127: Computer Security Security Concepts Kirill Levchenko October 3, 2014 Computer Security Protection of systems against an adversary Secrecy: Can t view protected information Integrity: Can t modify
More informationWaterfall Life Cycle Model
Waterfall Life Cycle Model Requirements definition and analysis Functional and non-functional General (for customer), specifications System and software design Implementation and unit testing Integration
More informationProtecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 10 - Identity Management and Access Control MIS5206 Week 10 Identity Management and Access Control Presentation Schedule Test Taking Tip Quiz Identity Management and
More informationAccess Control Part 3 CCM 4350
Access Control Part 3 CCM 4350 Today s Lecture Repetition of Structuring Access Control Fresh up notions of Partial Orders Again Example of Groups ordering for VSTa- Microkernel abilities as Motivation
More informationCPS221 Lecture: Operating System Protection
Objectives CPS221 Lecture: Operating System Protection last revised 9/5/12 1. To explain the use of two CPU modes as the basis for protecting privileged instructions and memory 2. To introduce basic protection
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 12: Database Security Department of Computer Science and Engineering University at Buffalo 1 Review of Access Control Types We previously studied four types
More informationCSC 482/582: Computer Security. Security Policies
Security Policies Topics 1. What is a security policy? 2. Types of Policies 3. Trust 4. Trusted Computing Base (TCB) 5. Types of Access Control 1. Discretionary (DAC) 2. Mandatory (MAC) 3. Originator-based
More informationLecture 21. Isolation: virtual machines, sandboxes Covert channels. The pump Why assurance? Trust and assurance Life cycle and assurance
Lecture 21 Isolation: virtual machines, sandboxes Covert channels Detection Mitigation The pump Why assurance? Trust and assurance Life cycle and assurance May 17, 2013 ECS 235B Spring Quarter 2013 Slide
More information1. Federation Participant Information DRAFT
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES [NOTE: This document should be considered a as MIT is still in the process of spinning up its participation in InCommon.] Participation in InCommon
More informationAccess Control. Steven M. Bellovin September 2,
Access Control Steven M. Bellovin September 2, 2014 1 Security Begins on the Host Even without a network, hosts must enforce the CIA trilogy Something on the host the operating system aided by the hardware
More informationFormal methods and access control. Dr. Hale University of Nebraska at Omaha Information Security and Policy Lecture 8
Formal methods and access control Dr. Hale University of Nebraska at Omaha Information Security and Policy Lecture 8 Today s topics: Access control basics Model Matrix and protection states Access control
More informationChapter 4: Access Control
(DAC) Chapter 4: Comp Sci 3600 Security Outline (DAC) 1 2 (DAC) 3 4 5 Attribute-based control (DAC) The prevention of unauthorized use of a resource, including the prevention of use of a resource in an
More informationAccess Control. Discretionary Access Control
Access Control Discretionary Access Control 1 Access Control Access control is where security engineering meets computer science. Its function is to control which (active) subject have access to a which
More informationA SECURITY MODEL FOR MILITARY MESSAGE SYSTEMS
A SECURITY MODEL FOR MILITARY MESSAGE SYSTEMS Carl E. Landwehr Constance L. Heitmeyer John McLean Computer Science and Systems Branch Information Technology Division Naval Research Laboratory Washington,
More informationComputer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationLecture 11 Lecture 11 Nov 5, 2014
Formal Verification/Methods Lecture 11 Lecture 11 Nov 5, 2014 Formal Verification Formal verification relies on Descriptions of the properties or requirements Descriptions of systems to be analyzed, and
More informationInformation Security. Structure. Common sense security. Content. Corporate security. Security, why
Information Security Teemupekka Virtanen Helsinki University of Technology Telecommunication Software and Multimedia Laboratory teemupekka.virtanen@hut.fi Structure 1. Information security What, why, content
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 4.4 Role-Based Access Control (RBAC) 1 OUTLINE Role-based Access Control Motivation Features Models Issues 2 1 OWNER-BASED DAC owner has all-or-nothing power
More informationIntroduction to Assurance
Introduction to Assurance Overview Why assurance? Trust and assurance Life cycle and assurance April 1, 2015 Slide #1 Overview Trust Problems from lack of assurance Types of assurance Life cycle and assurance
More informationMandatory Access Control
Mandatory Access Control 1 DAC and Trojan Horse Brown: read, write Employee Brown Read Employee REJECTED! Black is not allowed To access Employee Black, Brown: read, write Black s Employee Black 2 1 DAC
More informationChapter 15: Information Flow
Chapter 15: Information Flow Definitions Compiler-based mechanisms Execution-based mechanisms Examples Slide #15-1 Overview Basics and background Compiler-based mechanisms Execution-based mechanisms Examples
More informationTRUST IDENTITY. Trusted Relationships for Access Management: AND. The InCommon Model
TRUST. assured reliance on the character, ability, strength, or truth of someone or something - Merriam-Webster TRUST AND IDENTITY July 2017 Trusted Relationships for Access Management: The InCommon Model
More informationSystem design issues
System design issues Systems often have many goals: - Performance, reliability, availability, consistency, scalability, security, versatility, modularity/simplicity Designers face trade-offs: - Availability
More informationAccess Control. Steven M. Bellovin September 13,
Access Control Steven M. Bellovin September 13, 2016 1 Security Begins on the Host Even without a network, hosts must enforce the CIA trilogy Something on the host the operating system aided by the hardware
More informationJustifying Integrity Using a Virtual Machine Verifier
Justifying Integrity Using a Virtual Machine Verifier Joshua Schiffman, Thomas Moyer, Christopher Shal, Trent Jaeger, and Patrick McDaniel ACSAC 09 1 1 Cloudy Horizons Utility-based cloud computing is
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationExercises with solutions, Set 3
Exercises with solutions, Set 3 EDA625 Security, 2017 Dept. of Electrical and Information Technology, Lund University, Sweden Instructions These exercises are for self-assessment so you can check your
More information8.3 Mandatory Flow Control Models
8.3 Mandatory Flow Control Models Mingsen Xu Advanced Operating System 2011-10-26 Outline Mandatory Flow Control Models - Information Flow Control - Lattice Model - Multilevel Security Model - Bell-Lapadula
More informationPost-Class Quiz: Access Control Domain
1. In order to perform data classification process, what must be present? A. A data classification policy. B. A data classification standard. C. A data classification procedure. D. All of the above. 2.
More informationSummary. Final Week. CNT-4403: 21.April
Summary Final Week CNT-4403: 21.April.2015 1 List of Final Topics User Authentication Protocols Key Distribution and Public Key Certificates Symmetric Key Crypto Access Control Public Key Crypto Cryptographic
More informationConflict Checking of Separation of Duty Constraints in RBAC - Implementation Experiences
xorbac Conflict Checking of Separation of Duty Constraints in RBAC - Implementation Experiences Mark Strembeck Department of Information Systems, New Media Lab Vienna University of Economics and BA, Austria
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationCertification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure
Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages
More informationWhat is orbac? ability to group several authorizations in to profiles to easily add/remove a set of authorizations to an employee
What is orbac? orbac orbac (opns Role Based Access Control) is a IT security solution that enables a structured, centralized, hierarchical and delegated management of IT privileges. orbac is based on the
More informationGeneral Access Control Model for DAC
General Access Control Model for DAC Also includes a set of rules to modify access control matrix Owner access right Control access right The concept of a copy flag (*) Access control system commands General
More informationInformation Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC
Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/protect/ndcbf_
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 7 Access Control Fundamentals
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 7 Access Control Fundamentals Objectives Define access control and list the four access control models Describe logical access control
More informationCore Role Based Access Control (RBAC) mechanism for MySQL
Core Role Based Access Control (RBAC) mechanism for MySQL by Ian Molloy Radu Dondera Umang Sharan CS541 Project Report Under the Guidance of Prof. Elisa Bertino With the Department of Computer Science
More informationMobile and Heterogeneous databases Security. A.R. Hurson Computer Science Missouri Science & Technology
Mobile and Heterogeneous databases Security A.R. Hurson Computer Science Missouri Science & Technology 1 Note, this unit will be covered in two lectures. In case you finish it earlier, then you have the
More informationNational Identity Exchange Federation. Terminology Reference. Version 1.0
National Identity Exchange Federation Terminology Reference Version 1.0 August 18, 2014 Table of Contents 1. INTRODUCTION AND PURPOSE... 2 2. REFERENCES... 2 3. BASIC NIEF TERMS AND DEFINITIONS... 5 4.
More informationNational Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report
National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report Delta Security Technologies Sentinel Model III Computer Security System Report Number: CCEVS-VR-02-0023
More informationAttribute-Based Access Control Models
Institute for Cyber Security Attribute-Based Access Control Models Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber Security University of Texas at
More informationCS590U Access Control: Theory and Practice. Lecture 15 (March 1) Overview of Trust Management
CS590U Access Control: Theory and Practice Lecture 15 (March 1) Overview of Trust Management Review of HW3 On Sandhu s Lattice-Based Enforcement of Chinese Walls users, principals, and subjects the distinction
More informationAnalysis of Various RBAC and ABAC Based Access Control Models with Their Extension
Analysis of Various RBAC and ABAC Based Access Control Models with Their Extension Prajapati Barkha, Gurucharansingh Sahani Student, Assistant Professor, Computer Engineering Department, Sardar Vallabhbhai
More informationPolicy Based Security
BSTTech Consulting Pty Ltd Policy Based Security The implementation of ABAC Security through trusted business processes (policy) and enforced metadata for people, systems and information. Bruce Talbot
More information