Access control models and policies
|
|
- Erik Sparks
- 6 years ago
- Views:
Transcription
1 Access control models and policies Tuomas Aura T Information security technology Aalto University, autumn 2011
2 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline 2
3 ACCESS CONTROL 3
4 Access control (AC) Subjects request actions on objects Alice wants to read a file Bob wants to update account balance Process wants to open a socket AC = authentication + authorization authentication = verifying the identity of the subject authorization = checking that the subject has the right to perform the requested action on the subject 4
5 Reference monitor Audit trail Subjects Access requests Reference monitor Objects Access rules Reference monitor controls access by subjects to objects Grants or denies access requests Logs events to audit trail Follows rules set by administrators (i.e. implements a policy) Trusted computing base (TCB) = all system components that need to be trusted to implement access control Security kernel = implementation of reference monitor in an OS But more about the implementation later; now we are talking about policies 5
6 Access control matrix Access control matrix is the simplest, most general AC model M : Subjects Objects Actions Alice Bob Process 4567 Process 6789 file1.txt read, write read read, write append file2.txt write read - - Socket s open, read, write, close AC matrix represents the protection state of a system 6
7 Protection systems Background information if you want to read classic computer security literature AC matrix represents the static protection state Dynamic protection systems are more interesting Subjects and AC matrix cells can also be objects Access to them is also controlled by the matrix Protection state transitions Subjects may grant and remove access rights Subjects may create and destroy subjects and objects Early research on computer security studied protection systems with different definitions of state transitions Safety question: given an initial state and implementation of transitions, can subject s get the access right r to object o? E.g. HRU model (safety undecidable), take-grant model (safety decidable) Study of protection systems is not so relevant today, but AC matrix is still a useful way to think about access control 7
8 DISCRETIONARY ACCESS CONTROL 8
9 Discretionary access control (DAC) Data owners, usually users, set access rights Subjects are trusted to make decisions about sharing access rights with others Users decide who is allowed to access their files User who can read a secret file can also print and it Process that can read a secret file can also send it to the network DAC is also called identity-based AC Typical in commercial and consumer systems There may be a policy against sharing and access may be audited, but the policy is not enforced technically Examples of DAC outside computers: Person with a key can open the door to others; door keys can be shared and copied Tell your friend a secret on the condition that he does not tell it to anyone else 9
10 Access control list (ACL) ACL = list of the access rights associated with an object ACLs are another way to represent the AC matrix: one row of the matrix is stored with each object file1.txt ACL: Alice: { read, write }; Bob: { read }; Process 4567: { read, write }; Process 6789: { append }. file2.txt ACL: Alice: { write }; Bob: { read }. Socket s ACL: Process 6789: { open, read, write, close }. ACL examples: Key cards, table reservations, Windows file system 10
11 Capabilities Capability = an access right associated with the subject Capabilities are another way to represent the AC matrix: one column is stored with each subject Alice s capabilities: file1.txt: { read, write }; file2.txt: { write }. Bob s capabilities: file1.txt: { read }; file2.txt: { read }. Process 4567 capabilities: file1.txt: { read, write }. Process 6789 capabilities: file1.txt: { append }; Socket s: {open, read, write, close }. Examples of capabilities: metal keys, driver s license, parking permit 11
12 MANDATORY ACCESS CONTROL 12
13 Mandatory access control (MAC) Access rights are based on rules (i.e. policy) set by administration The AC policy is enforced and cannot be changed by users Subjects cannot leak access rights to others User can read a secret file but cannot copy, print or ; file viewer application prevents cut-and-paste and screen shots One process can access the Internet, another write files to the disk MAC is also called rule-based AC MAC originates from military policies Intelligence officer may not be allowed to read his own reports Officer can read a secret plan but cannot take a copy out of the room Officer who has contact with foreign agents may lose access to classified information 13
14 Mandatory access control (MAC) MAC has some uses in commercial systems DRM: Alice can play the music she has purchased, but cannot share it Malware isolation: Host firewall may block potential spyware from making outbound connections to prevent information leaks Examples of MAC-like systems outside computers: Biometric authentication cannot be shared, e.g. photo on driver s license or signature on credit card Admit-one event tickets: UV stamps, shredding bracelets In UK, jurors must not read newspapers or watch TV about the case so that they are not influenced by them 14
15 Clearance and classification Mandatory access control rules are often based on security labels on subjects and objects Subject clearance Object classification l : (Subjects Objects) Labels MAC based on clearance and classification levels is also called multi-level security (MLS) Simple security property: S can read O iff l(s) l(o) Top secret Secret Confidential Unclassified High Low 15
16 Multi-level security Labels depend on the organization but should form a lattice Labels, (i.e. a partial order with join and meet operations) Example. military security labels Levels: top secret > secret > confidential > unclassified Categories = { army, navy, air force } Labels = Levels P(Categories) Domination relation: <level1,categories1> <level2,categories2> iff level1 level2 and categories1 categories2 Theoretical publications often consider only two labels: high > low How to define labels for commercial systems? 16
17 Top secret, army Top secret, army & navy Top secret, navy Lattice example Top secret, Secret, army & navy Secret, army Secret, navy Secret, Classified, army & navy Classified, army Classified, navy Classified, Unclassified 17
18 Labels Finnish government Asetus viranomaisten toiminnan julkisuudesta ja hyvästä tiedonhallintatavasta / Not a lattice, though 18
19 Bell-LaPadula model Bell-LaPadula (BLP) is a MAC policy for protecting secrets Military security model for computers; military is mostly concerned with protecting secrets Observation: the simple security property is not sufficient to prevent secrets from leaking Bell-LaPadula: Simple security property: S can read O iff l(s) l(o) *-property: S can write O iff l(o) l(s) Also called: no read up, no write down 19
20 Biba model In computer systems, integrity of data and the system is often more important than confidentiality Which is more important in a bank IT systems? Biba is a MAC policy for protecting integrity of data Biba is the dual of Bell-LaPadula: S can write O iff l(s) l(o) S can read O iff l(o) l(s) Also called: no write up, no read down 20
21 Biba examples Integrity policies in commercial computer systems: Web application open in the browser should not write to the file system Type safety should prevent communication between Java or.net applications running in the same runtime environment Virtual machines running in the same host are isolated from each other 21
22 Information flow security BLP and Biba are information flow policies BLP prevents flow of information from high to low Biba prevents flow if information from low to high Information flow policies are the basis for many security proofs. Typical proofs show non-interference: view of one subject is not affected by the data of the other low output does not depend on high input, or high output does not depend on low input high input high output System low input low output How to use BLP and Biba in the same system? 22
23 High water mark, low water mark What happens to classification when you combine low and high information into a new object? High water mark policy for secrecy: always set the classification to the highest input Low water mark policy for integrity: always set the classification if to the lowest input Problem: Over time, all documents will become top secret with the lowest integrity level 23
24 Upgrading and downgrading Upgrading, downgrading: In practice, security levels need to be changed by humans E.g. downgrading documents for publication E.g. upgrading intelligence reports that aggregate a lot of lowlevel data Documents may need to be sanitized (i.e. redacted) before downgrading E.g. removing personal names from military documents before publication Sanitization may be difficult High subjects can use covert channels to leak data intentionally, e.g. hide data in photos Mistakes easy to make e.g. US military painting black box over text in PDF e.g. AOL publishing anonymized web search data 24
25 OTHER ACCESS CONTROL MODELS 25
26 Clark-Wilson model Data integrity cannot always be expressed in terms of MLS, i.e. who has access to what data E.g. transfers between bank accounts must not change the total balance Integrity in many commercial systems depends on following the correct procedures Clark-Wilson model defines rules for commercial systems for how to maintain data integrity: Transactions must transform data items from a consistent state to another consistent state Auditing and procedural controls to enforce this (The specific rules could be different in each system) Clark-Wilson model has not really been implemented; it is important because of the idea of using accounting rules as a model for security policy 26
27 Chinese Wall model Conflicts of interest are common in business: Consulting company, investment bank, or law office may be advising competing clients and must keep their information separate The clients are assigned to different employees who do not exchange information between them To avoid conflicts of interest, the access control policy must take into account the information previously accessed by the subject Chinese Wall model: If subject S has previously accessed an object O1 and the objects O1 and O2 are in a conflict of interest, then S may not access O2 Subject can fall to either side of the wall but cannot change sides later 27
28 Separation of duty Chinese Wall is an example of separation of duty Other separation of duty policies: Expense claim requires two signatures: the claimant and an authorized approver, e.g. department manager, but nobody is allowed to approve their own expenses Auditors are often required to be from outside the company Keys to a safe may be given to two different persons Lecturers issue grades to students but only study office staff can enter them into the study register Unlike BLP and Biba, separation of duty policies are stateful 28
29 Groups and roles Adding structure to policies Group = set of subjects E.g. Administrators, T students Object ACL can list groups in addition to individual users Both group membership and ACLs change over time Role = set of permissions (i.e. permitted actions on objects) E.g. Administrator, T teacher, SCI-professor Roles are usually relatively static; their assignment to users changes Both are forms of indirection Subjects * * Roles or * * groups Objects x Actions 29
30 Role-based access control (RBAC) NIST standard Modeling high-level roles in an organization E.g. Doctor, Nurse, Student, Lecturer, Course-assistant Roles defined once; changed infrequently Roles may be parameterized E.g. Treating doctor of Mr. Smith, Lecturer or Student of T Roles may form a hierarchy with inheritance Roles are assigned to users for longer term but activated on demand for each session Constraints on role assignment and activation can implement separation of duty 30
31 Other access control models Originator-controlled AC (ORCON) Creator of data retains control over access to it Attribute-based AC Access control is based in subject attributes instead of subject identity AC = attribute verification + authorization E.g. need to be 18 to buy tobacco; need to be an Aalto student to access course material Enables anonymous access Double-blinded review for scientific journals Many other AC models have been proposed 31
32 Why study these AC models? Abstract models help to see the similarities between different products and implementations E.g. how many different user interfaces have you seen that implement an ACL? They also help to understand the expressiveness and limitations of the technologies E.g. a stateless AC system cannot implement separation of duty, while one separation-of-duty policy can often be used to implement others Some models presented in this lecture are unrealistic! Nevertheless, they can be useful as tools for thinking about security policies 32
33 Reading material Dieter Gollmann: Computer Security, 2nd ed., chapters 4, 8, 9 Matt Bishop: Introduction to computer security, chapters 2-7 Edward Amoroso: Fundamentals of Computer Security Technology, chapters 6-13 Ross Anderson: Security Engineering, 2nd ed., chapter 8 Online sources: Trusted Computer System Evaluation Criteria. United States Department of Defense. December DoD Standard STD. (This is the classic Orange Book. Just take a quick look.) Richard Smith, MLS Introduction, from Handbook of Information Security, Wiley 2006 Ravi Sandhu, Role-based access control models, IEEE Computer, Feb 1996 (text also here) 33
34 Exercises What are the subjects, object and actions in Noppa? What security labels and MAC policy would be suitable for Noppa? Give examples of systems that require confidentiality or integrity but not both. Which AC model and what kind of security labels could be used to describe VM isolation? What label would be hypervisor or VM monitor get? Could you define different confidentiality labels and integrity labels and then use both Bell-LaPadula and Biba policies in the same system? Give an example. Define RBAC roles that could be used in the implementations of Noppa. To what extent can your RBAC policy (above) be implemented with groups? 34
Access control models and policies. Tuomas Aura T Information security technology
Access control models and policies Tuomas Aura T-110.4206 Information security technology 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline 2 ACCESS CONTROL 3 Access control
More informationAccess control models and policies
Access control models and policies Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2013 1. Access control 2. Discretionary AC 3. Mandatory AC 4. Other AC models Outline
More informationAccess Control. Discretionary Access Control
Access Control Discretionary Access Control 1 Outlines Access Control Discretionary Access Control (DAC) Mandatory Access Control (MAC) Role-Based Access Control (RBAC) 2 Access Control Access control
More informationSecurity Models Trusted Zones SPRING 2018: GANG WANG
Security Models Trusted Zones SPRING 2018: GANG WANG Access Control Slides credit to Ethan L. Miller and Scott A. Brandt Protection Domains Three protection domains Each lists objects with permitted operations
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 11 - Access Control October 10, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06/ Access Control System Protection Domain What can be accessed by a process Default
More informationCPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME:
CPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME: There are 6 questions on this quiz. Each question is individually weighted. If you do not understand the question, please ask for clarification. 1 I. (24
More informationCCM Lecture 12. Security Model 1: Bell-LaPadula Model
CCM 4350 Lecture 12 Security Model 1: Bell-LaPadula Model Why Security Models? When we have implemented a security policy, do we know that it will (and can) be enforced? E.g., if policies get too intricate,
More informationLast time. User Authentication. Security Policies and Models. Beyond passwords Biometrics
Last time User Authentication Beyond passwords Biometrics Security Policies and Models Trusted Operating Systems and Software Military and Commercial Security Policies 9-1 This time Security Policies and
More informationComputer Security. Access control. 5 October 2017
Computer Security Access control 5 October 2017 Policy and mechanism A security policy is a statement of what is, and what is not, allowed. A security mechanism is a method, tool or procedure for enforcing
More informationAccess Control Mechanisms
Access Control Mechanisms Week 11 P&P: Ch 4.5, 5.2, 5.3 CNT-4403: 26.March.2015 1 In this lecture Access matrix model Access control lists versus Capabilities Role Based Access Control File Protection
More informationOperating System Security. Access control for memory Access control for files, BLP model Access control in Linux file systems (read on your own)
Operating System Security Access control for memory Access control for files, BLP model Access control in Linux file systems (read on your own) Hw1 grades out this Friday Announcement Travel: out of town
More informationCIS433/533 - Introduction to Computer and Network Security. Access Control
CIS433/533 - Introduction to Computer and Network Security Access Control Professor Butler Winter 2011 Computer and Information Science Trusted Computing Base The trusted computing base is the infrastructure
More informationComplex Access Control. Steven M. Bellovin September 10,
Complex Access Control Steven M. Bellovin September 10, 2013 1 Access Control Matrix List all proceses and files in a matrix Each row is a process ( subject ) Each column is a file ( object ) Each matrix
More informationCSE509: (Intro to) Systems Security
CSE509: (Intro to) Systems Security Fall 2012 Radu Sion Integrity Policies Hybrid Policies 2005-12 parts by Matt Bishop, used with permission Integrity Policies: Overview Requirements Very different than
More informationAccess Control (slides based Ch. 4 Gollmann)
Access Control (slides based Ch. 4 Gollmann) Preliminary Remarks Computer systems and their use have changed over the last three decades. Traditional multi-user systems provide generic services to their
More informationP1_L6 Mandatory Access Control Page 1
P1_L6 Mandatory Access Control Page 1 We discussed access control in the last lesson. But that was only one kind of access control called discretionary access control, or DAC. That allows you to decide
More informationAccess Control Models
Access Control Models Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University E-mail: natarajan.meghanathan@jsums.edu Access Control Models Access Control to regulate
More informationDiscretionary Vs. Mandatory
Discretionary Vs. Mandatory Discretionary access controls (DAC) Privilege propagated from one subject to another Possession of an access right is sufficient to access the object Mandatory access controls
More informationComputer Security 3e. Dieter Gollmann. Chapter 5: 1
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 5: 1 Chapter 5: Access Control Chapter 5: 2 Introduction Access control: who is allowed to do what? Traditionally, who is a person.
More informationDAC vs. MAC. Most people familiar with discretionary access control (DAC)
p. 1/1 DAC vs. MAC Most people familiar with discretionary access control (DAC) - Example: Unix user-group-other permission bits - Might set a fileprivate so only groupfriends can read it Discretionary
More informationPolicy, Models, and Trust
Policy, Models, and Trust 1 Security Policy A security policy is a well-defined set of rules that include the following: Subjects: the agents who interact with the system, Objects:the informational and
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 25 - Virtual machine security December 6, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ 1 Implementation and Results Experimental Platform Exact specification
More informationAdvanced Systems Security: Integrity
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationChapter 7: Hybrid Policies
Chapter 7: Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Slide #7-1 Overview Chinese Wall Model Focuses on conflict of interest CISS Policy Combines
More informationSummary. Final Week. CNT-4403: 21.April
Summary Final Week CNT-4403: 21.April.2015 1 List of Final Topics User Authentication Protocols Key Distribution and Public Key Certificates Symmetric Key Crypto Access Control Public Key Crypto Cryptographic
More informationAccess Control Part 3 CCM 4350
Access Control Part 3 CCM 4350 Today s Lecture Repetition of Structuring Access Control Fresh up notions of Partial Orders Again Example of Groups ordering for VSTa- Microkernel abilities as Motivation
More informationCCM Lecture 14. Security Models 2: Biba, Chinese Wall, Clark Wilson
CCM 4350 Lecture 14 Security Models 2: Biba, Chinese Wall, Clark Wilson Introduction Bell-LaPadula model designed to capture a specific military security policy. At one time treated as the model of security.
More informationChapter 6: Integrity Policies
Chapter 6: Integrity Policies Overview Requirements Biba s models Clark-Wilson model Slide #6-1 Overview Requirements Very different than confidentiality policies Biba s model Clark-Wilson model Slide
More informationInformation security summary
Information security summary Tuomas Aura CS-C3130 Information security Aalto University, autumn 2016 Outline Timeline of computer security (Areas of security) Engineering secure systems 2 TIMELINE OF COMPUTER
More informationMay 1: Integrity Models
May 1: Integrity Models Biba Clark-Wilson Comparison Trust models May 1, 2017 ECS 235B Spring Quarter 2017 Slide #1 Integrity Overview Requirements Very different than confidentiality policies Biba s models
More informationCS 392/ CS Computer Security. Nasir Memon Polytechnic University Module 7 Security Policies
CS 392/ CS 681 - Computer Security Nasir Memon Polytechnic University Module 7 Security Policies Course Logistics Security Week Questions about Midterm grading Read parts of chapters 4, 5, 6 and 7. Homework
More informationAccess Control Models Part II
Access Control Models Part II CERIAS and CS &ECE Departments Pag. 1 Introduction Other models: The Chinese Wall Model it combines elements of DAC and MAC RBAC Model it is a DAC model; however, it is sometimes
More informationChapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao
Chapter 9: Database Security: An Introduction Nguyen Thi Ai Thao thaonguyen@cse.hcmut.edu.vn Spring- 2016 Outline Introduction to Database Security Issues Types of Security Threats to databases Database
More informationSecurity Principles and Policies CS 136 Computer Security Peter Reiher January 15, 2008
Security Principles and Policies CS 136 Computer Security Peter Reiher January 15, 2008 Page 1 Outline Security terms and concepts Security policies Basic concepts Security policies for real systems Page
More informationFall 2005 Joseph/Tygar/Vazirani/Wagner Final
CS 161 Computer Security Fall 2005 Joseph/Tygar/Vazirani/Wagner Final PRINT your name:, (last) SIGN your name: (first) PRINT your Unix account name: PRINT your TA s name: You may consult any books, notes,
More informationAdvanced Access Control. Role-Based Access Control. Common Concepts. General RBAC Rules RBAC96
Advanced Access Control In many cases, identity is a bad criteria for authorization. We examine two modern paradigms for access control, which overcome this limitation: 1. Role-Based Access Control 2.
More informationAccess Control Part 1 CCM 4350
Access Control Part 1 CCM 4350 Overview of Access Control Lectures Three Lectures on Access Control following D. Gollmann. Computer Security. Wiley: Chapter 4. Part 1: Authorisation and Access Operation
More informationLecture 4: Bell LaPadula
CS 591: Introduction to Computer Security Lecture 4: Bell LaPadula James Hook Objectives Introduce the Bell LaPadula framework for confidentiality policy Discuss realizations of Bell LaPadula References:
More informationModule 4: Access Control
Module 4: Access Control Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University, Jackson, MS 39232 E-mail: natarajan.meghanathan@jsums.edu Access Control In general,
More informationCS 591: Introduction to Computer Security. Lecture 3: Policy
CS 591: Introduction to Computer Security Lecture 3: Policy James Hook Objectives Explore what a security policy is; develop a vocabulary to discuss policies Examine the role of trust in policy 1 What
More informationIntegrity Policies. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Integrity Policies Murat Kantarcioglu Requirements of Policies for Commercial Applications [Lipner 1982] 1. Users will not write their own
More informationSystem design issues
System design issues Systems often have many goals: - Performance, reliability, availability, consistency, scalability, security, versatility, modularity/simplicity Designers face trade-offs: - Availability
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474-01, Winter 2011 Lecture 4: Access Control Eran Tromer 1 Slides credit: John Mitchell, Stanford course CS155, 2010 Access control Assumptions System knows
More informationExercises with solutions, Set 3
Exercises with solutions, Set 3 EDA625 Security, 2017 Dept. of Electrical and Information Technology, Lund University, Sweden Instructions These exercises are for self-assessment so you can check your
More informationIntroduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Lecture 6 October 6, 2009 Hybrid Models Role based Access Control 1 Objective Define/Understand various Integrity models
More informationProtecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 10 - Identity Management and Access Control MIS5206 Week 10 Identity Management and Access Control Presentation Schedule Test Taking Tip Quiz Identity Management and
More informationAdvanced Systems Security: Multics
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationCSCI 420: Mobile Application Security. Lecture 7. Prof. Adwait Nadkarni. Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger
CSCI 420: Mobile Application Security Lecture 7 Prof. Adwait Nadkarni Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger 1 cryptography < security Cryptography isn't the solution to
More informationOperating system security
Operating system security Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2011 Outline Access control models in operating systems: 1. Unix 2. Windows Acknowledgements: This
More informationCSE361 Web Security. Access Control. Nick Nikiforakis
CSE361 Web Security Access Control Nick Nikiforakis nick@cs.stonybrook.edu Access Control: introduction How do we protect our confidential data from unauthorized usage? Two important cases: An attacker
More informationAsset Analysis -I. 1. Fundamental business processes 2.Critical ICT resources for these processes 3.The impact for the organization if
Asset Analysis Asset Analysis -I It discovers the assets that result in an impact (a loss for the organization) if successfully attacked It should discover which ICT resources an organization needs to
More informationIntroduction p. 1 The purpose and fundamentals of access control p. 2 Authorization versus authentication p. 3 Users, subjects, objects, operations,
Preface p. xv Acknowledgments p. xvii Introduction p. 1 The purpose and fundamentals of access control p. 2 Authorization versus authentication p. 3 Users, subjects, objects, operations, and permissions
More informationAccess Control. Dr George Danezis
Access Control Dr George Danezis (g.danezis@ucl.ac.uk) Resources Key paper: Carl E. Landwehr: Formal Models for Computer Security. ACM Comput. Surv. 13(3): 247-278 (1981) See references to other optional
More informationHigh-Assurance Security/Safety on HPEC Systems: an Oxymoron?
High-Assurance Security/Safety on HPEC Systems: an Oxymoron? Bill Beckwith Objective Interface Systems, Inc. Phone: 703-295-6519 Email Address: bill.beckwith@ois.com W. Mark Vanfleet National Security
More informationLabels and Information Flow
Labels and Information Flow Robert Soulé March 21, 2007 Problem Motivation and History The military cares about information flow Everyone can read Unclassified Few can read Top Secret Problem Motivation
More informationCOMPUTER SECURITY: THE GOOD, THE BAD, AND THE UGLY (with applications to embedded systems)
COMPUTER SECURITY: THE GOOD, THE BAD, AND THE UGLY (with applications to embedded systems) Catherine Meadows Naval Research Laboratory Code 5543 Washington, DC 20375 meadows@itd.nrl.navy.mil Introduction
More informationAccess Control and Protection
Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access
More informationInformation Security & Privacy
IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Hybrid Models Role based Access Control Feb 3, 2016 1 Objective Define/Understand various Integrity models Clark-Wilson
More informationFormal methods and access control. Dr. Hale University of Nebraska at Omaha Information Security and Policy Lecture 8
Formal methods and access control Dr. Hale University of Nebraska at Omaha Information Security and Policy Lecture 8 Today s topics: Access control basics Model Matrix and protection states Access control
More informationINFSCI 2935: Introduction of Computer Security 1. Courtesy of Professors Chris Clifton & Matt Bishop. INFSCI 2935: Introduction to Computer Security 2
Digital Signature Introduction to Computer Security Lecture 7 Digital Signature October 9, 2003 Construct that authenticates origin, contents of message in a manner provable to a disinterested third party
More informationAccess Control. Tom Chothia Computer Security, Lecture 5
Access Control Tom Chothia Computer Security, Lecture 5 The Crypto Wars 1993-1996: Clipper chip considered in US congress and rejected. Due partly to Matt Blaze s analysis and strongly attack by John Kerry
More informationVerifiable Security Goals
C H A P T E R 5 Verifiable Security Goals 57 In this chapter, we examine access control models that satisfy the mandatory protection system of Definition 2.4 in Chapter 2. A mandatory protection system
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 4.4 Role-Based Access Control (RBAC) 1 OUTLINE Role-based Access Control Motivation Features Models Issues 2 1 OWNER-BASED DAC owner has all-or-nothing power
More informationPost-Class Quiz: Access Control Domain
1. In order to perform data classification process, what must be present? A. A data classification policy. B. A data classification standard. C. A data classification procedure. D. All of the above. 2.
More informationAdvanced Systems Security: Integrity
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationCS 356 Lecture 7 Access Control. Spring 2013
CS 356 Lecture 7 Access Control Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive,
More informationChapter 4: Access Control
(DAC) Chapter 4: Comp Sci 3600 Security Outline (DAC) 1 2 (DAC) 3 4 5 Attribute-based control (DAC) The prevention of unauthorized use of a resource, including the prevention of use of a resource in an
More informationP1L5 Access Control. Controlling Accesses to Resources
P1L5 Access Control Controlling Accesses to Resources TCB sees a request for a resource, how does it decide whether it should be granted? Authentication establishes the source of a request Authorization
More informationInformation Security: Principles and Practice Second Edition. Mark Stamp
Information Security: Principles and Practice Second Edition Mark Stamp August 10, 2009 Contents Preface Second Edition Preface About The Author Acknowledgments xvii xix xxiii xxv 1 Introduction 1 1.1
More informationAdvanced Systems Security: Integrity
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationLecture 5: Integrity Models
CS 591: Introduction to Computer Security Lecture 5: Integrity Models James Hook (Some materials from Bishop, copyright 2004) Last lecture Discussion? Last Lecture Bell LaPadula Confidentiality Lattice
More informationAccess Control. Steven M. Bellovin September 13,
Access Control Steven M. Bellovin September 13, 2016 1 Security Begins on the Host Even without a network, hosts must enforce the CIA trilogy Something on the host the operating system aided by the hardware
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
More informationAccess Control. Access Control: enacting a security policy. COMP 435 Fall 2017 Prof. Cynthia Sturton. Access Control: enacting a security policy
Access Control: enacting a security policy Access Control COMP 435 Fall 2017 Prof. Cynthia Sturton Which users can access which resources and with which rights 2 Access Control: enacting a security policy
More informationIntergrity Policies CS3SR3/SE3RA3. Ryszard Janicki. Outline Integrity Policies The Biba Integrity Model
Intergrity Policies CS3SR3/SE3RA3 Ryszard Janicki Acknowledgments: Material based on Computer Security: Art and Science by Matt Bishop (Chapter 6) Ryszard Janicki Intergrity Policies 1 / 13 Outline 1 2
More informationComputer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationIdentity management. Tuomas Aura T Information security technology. Aalto University, autumn 2011
Identity management Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2011 Outline 1. Single sign-on 2. OpenId 3. SAML and Shibboleth 4. Corporate IAM 5. Strong identity 2
More informationJérôme Kerviel. Dang Thanh Binh
Dang Thanh Binh Jérôme Kerviel Rogue trader, lost 4.9 billion Largest fraud in banking history at that time Worked in the compliance department of a French bank Defeated security at his bank by concealing
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Removable Storage Media Security Standard This standard is applicable to all VCU School of Medicine personnel.
More informationAdvanced Systems Security: Security Goals
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationCSE 127: Computer Security. Security Concepts. Kirill Levchenko
CSE 127: Computer Security Security Concepts Kirill Levchenko October 3, 2014 Computer Security Protection of systems against an adversary Secrecy: Can t view protected information Integrity: Can t modify
More informationA NEW APPROACH TO DYNAMIC INTEGRITY CONTROL
A NEW APPROACH TO DYNAMIC INTEGRITY CONTROL A dissertation submitted to Kent State University in partial fulfillment of the requirements for the Degree of Doctor of Philosophy by Talal S Albalawi May 2016
More informationProtection. CSE473 - Spring Professor Jaeger. CSE473 Operating Systems - Spring Professor Jaeger
Protection CSE473 - Spring 2008 Professor Jaeger www.cse.psu.edu/~tjaeger/cse473-s08/ Protection Protect yourself from untrustworthy users in a common space They may try to access your resources Or modify
More informationComputer Security. 02. Operating System Access Control. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 02. Operating System Access Control Paul Krzyzanowski Rutgers University Spring 2018 February 17, 2018 CS 419 2018 Paul Krzyzanowski 1 Protection is essential to security Protection The
More informationAccess Control. Discretionary Access Control
Access Control Discretionary Access Control 1 Access Control Access control is where security engineering meets computer science. Its function is to control which (active) subject have access to a which
More informationGeneral Access Control Model for DAC
General Access Control Model for DAC Also includes a set of rules to modify access control matrix Owner access right Control access right The concept of a copy flag (*) Access control system commands General
More informationAccess control. Frank Piessens KATHOLIEKE UNIVERSITEIT LEUVEN
Access control Frank Piessens (Frank.Piessens@cs.kuleuven.be) Secappdev 2010 1 Overview Introduction: Lampson s model for access control Classical Access Control Models Discretionary Access Control (DAC)
More informationA Survey of Access Control Policies. Amanda Crowell
A Survey of Access Control Policies Amanda Crowell What is Access Control? Policies and mechanisms that determine how data and resources can be accessed on a system. The Players Subjects Objects Semi-objects
More informationIBM Security Identity Manager Version Planning Topics IBM
IBM Security Identity Manager Version 7.0.1 Planning Topics IBM IBM Security Identity Manager Version 7.0.1 Planning Topics IBM ii IBM Security Identity Manager Version 7.0.1: Planning Topics Table of
More informationSecurity and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models
CS 645 Security and Privacy in Computer Systems Lecture 7 The Kerberos authentication system Last Week Security policy, security models, trust Access control models The Bell-La Padula (BLP) model The Biba
More informationIdentity, Authentication and Authorization. John Slankas
Identity, Authentication and Authorization John Slankas jbslanka@ncsu.edu Identity Who or what a person or thing is; a distinct impression of a single person or thing presented to or perceived by others;
More informationDiscretionary Access Control (DAC)
CS 5323 Discretionary Access Control (DAC) Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 7 ravi.utsa@gmail.com www.profsandhu.com Ravi Sandhu 1 Authentication, Authorization, Audit AAA
More informationInvolved subjects in this presentation Security and safety in real-time embedded systems Architectural description, AADL Partitioned architectures
Introduction Problem: security and reliability Purpose: design and implementation of safe/secure systems Help system designers to describe their requirements Ensure safety and security policies enforcement
More informationWrapup. CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger.
Wrapup CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ Final 2 The final is on Tuesday, May 8, 8:00 in 160 Willard (here) Be late
More informationAccess Control. Steven M. Bellovin September 2,
Access Control Steven M. Bellovin September 2, 2014 1 Security Begins on the Host Even without a network, hosts must enforce the CIA trilogy Something on the host the operating system aided by the hardware
More informationOperating Systems Security Access Control
Authorization and access control Operating Systems Security Access Control Ozalp Babaoglu From authentication to authorization Once subjects have been authenticated, the next problem to confront is authorization
More informationTopics in Systems and Program Security
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Topics in Systems and
More informationSecurity Basics. Ruby B. Lee Princeton University HotChips Security Tutorial August
Security Basics Ruby B. Lee Princeton University HotChips Security Tutorial August 10 2014 Outline What is Security Threat Model Security Design Methodology Security Policies Access Control AuthenGcaGon
More informationAdvanced Systems Security: Principles
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationLecture 21. Isolation: virtual machines, sandboxes Covert channels. The pump Why assurance? Trust and assurance Life cycle and assurance
Lecture 21 Isolation: virtual machines, sandboxes Covert channels Detection Mitigation The pump Why assurance? Trust and assurance Life cycle and assurance May 17, 2013 ECS 235B Spring Quarter 2013 Slide
More information