
ISA 562 Internet Security Theory and Practice




  1. ISA 562 Internet Security Theory and Practice Midterm Exam Review

  2. Review for the Mid-term • First five chapters + Cryptography • The nature of the exam: • 4-5 questions • Similar to the homework • May have some modeling, some policy, some descriptions

  3. Review • Chapter 1 + Transparency • CIA of Information Security • What they are • Given a set of requirements, can we categorize them? • Access control matrix • Safe state • Safe state written as a (pre-condition, post condition) pair of read, write and access operations • Add/delete rights • Add/delete subjects, objects and operations

  4. Review Chapter 1 Continued … • Mono-operational commands • Single operations such as “make p the owner of file q” • Written formally as make.owner(p,q) • Conditional commands • “If p owns f, then let p give r rights to q” • How to write them formally • Multiple conditions…
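As an added example (not taken from the slides), the commands on slide 4 written against a tiny access control matrix in Python: the HRU primitive operations, the mono-operational command make.owner(p,q), the conditional command “if p owns f, then let p give r rights to q”, and a command with two conditions. The subject names, the file f and the rights own/read/write are constructed for illustration.

```python
# Added example: a small access control matrix (ACM) in the style of the
# HRU model.  Subjects, objects and rights below are constructed sample values.
from collections import defaultdict


class ACM:
    def __init__(self):
        self.subjects = set()
        self.objects = set()              # in HRU every subject is also an object
        self.rights = defaultdict(set)    # (subject, object) -> set of rights

    # ---- primitive operations -------------------------------------------
    def create_subject(self, s):
        self.subjects.add(s)
        self.objects.add(s)

    def create_object(self, o):
        self.objects.add(o)

    def destroy_object(self, o):
        self.objects.discard(o)
        self.subjects.discard(o)
        for key in [k for k in self.rights if o in k]:
            del self.rights[key]

    def enter(self, r, s, o):
        """Primitive 'enter r into a[s, o]'; refuses unknown subjects/objects."""
        if s not in self.subjects or o not in self.objects:
            raise KeyError(f"unknown subject/object: {s}, {o}")
        self.rights[(s, o)].add(r)

    def delete(self, r, s, o):
        """Primitive 'delete r from a[s, o]'."""
        self.rights[(s, o)].discard(r)

    def has(self, s, o, r):
        return r in self.rights.get((s, o), set())

    # ---- commands built from the primitives --------------------------------
    def make_owner(self, p, q):
        """Mono-operational: command make.owner(p, q)  enter own into a[p, q]  end"""
        self.enter("own", p, q)

    def confer(self, p, f, r, q):
        """Conditional: command confer(p, f, r, q)
               if own in a[p, f] then enter r into a[q, f]  end
        Returns whether the condition held; a failed condition changes nothing."""
        if self.has(p, f, "own"):
            self.enter(r, q, f)
            return True
        return False

    def confer_if_reader(self, p, f, q):
        """Two conditions: if own in a[p, f] and read in a[q, f]
                           then enter write into a[q, f]  end"""
        if self.has(p, f, "own") and self.has(q, f, "read"):
            self.enter("write", q, f)
            return True
        return False


def demo():
    """Build a state and run the three commands; returns the resulting ACM."""
    m = ACM()
    for s in ("alice", "bob"):
        m.create_subject(s)
    m.create_object("f")
    m.make_owner("alice", "f")
    m.confer("alice", "f", "read", "bob")       # alice owns f: bob gains read
    m.confer("bob", "f", "write", "alice")      # bob does not own f: no change
    m.confer_if_reader("alice", "f", "bob")     # both conditions hold: bob gains write
    return m


if __name__ == "__main__":
    state = demo()
    for (s, o), rs in sorted(state.rights.items()):
        print(f"a[{s}, {o}] = {sorted(rs)}")
```

The point to keep in mind for the HRU result on slide 5: each command is a guarded sequence of primitives, and the safety question asks whether some sequence of such commands can ever place a right r in a cell that did not hold it in the initial state.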

  5. Review of Chapter 2: Foundations • ACM, ACL and capabilities • Turing machines • Undecidability • HRU result: • Is there an algorithm that, given an initially safe state, halts and says yes/no to the safety of granting a generic right r? • Method: encode safety, granting of rights, etc. as Turing machine instructions • Special cases are decidable: • Take-grant model

  6. Review of Chapter 2: Foundations • Capability based systems • Lock and key model • Lock=object, key=subject • Object carries permissions = subject presents key to unlock object

  7. Review of Chapter 3: Policies • Formalization of security policy using precise policy languages • DAC, MAC and RBAC • Specification of DAC using subjects, objects and access rights

  8. Review: MAC • Review and background • Lattices • Military systems and Denning’s Axioms • Bell-LaPadula (BLP) Policy • Step 1 – clearance/classification • Step 2 – categories • Example System – DG/UX • Tranquility • Controversy at a glance

  9. Suprema and Infima of Posets • Definition: (A, ≤) is a poset and B ⊆ A • Say that b0 ∈ A is a least upper bound (aka supremum) of B iff (1) b0 is an upper bound of B and (2) b0 ≤ b for all other upper bounds b of B • Say that c0 ∈ A is a greatest lower bound (infimum) of B iff (1) c0 is a lower bound of B and (2) c ≤ c0 for all other lower bounds c of B • (Figure: upper bounds b1, b2, b3 above b0; the set B in the middle; lower bounds c2, c3, c4 below c0)

  10. Example Lattices – Power Set Lattice • S = {a,b,c} • 2^S = { ∅, {a}, {b}, {c}, {a,b}, {b,c}, {a,c}, {a,b,c} } • Arrows mean ⊆ (informally, included by) • (Figure: Hasse diagram of 2^S, labelled partial order; special case: lattice; special case: total order)

  11. Example Product Lattice • Lattice 1 (arrow means the lattice order) • Lattice 2 (arrow means the lattice order) • Lattice 2 × Lattice 1 • (x,y) ≤ (x’,y’) means x ≤ x’ in one lattice and y ≤ y’ in the other (componentwise order)

  12. BLP Rules • Simple Security Policy • No Read up • * Security Property • No write down
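As an added example (not part of the slides), the definitions from slides 9 to 12 carried out in Python: a generic supremum/infimum search over a finite poset that follows the slide 9 definition word for word, checked on the power-set lattice of {a,b,c} from slide 10, on the product lattice of (classification, category set) labels from slide 11, and finally the two BLP rules from slide 12 stated as dominance checks on those labels. The classification names and the categories NUC and EUR are constructed sample values, and the closed-form lub/glb of labels is included only to show it agrees with the generic search.

```python
# Added example: suprema/infima of finite posets, the power-set and product
# lattices, and the BLP simple-security and *-properties.  Sample values only.
from itertools import combinations


def supremum(B, A, le):
    """Least upper bound of B in the finite poset (A, le), or None if absent.
    (1) b0 is an upper bound of B; (2) b0 <= every other upper bound."""
    uppers = [a for a in A if all(le(b, a) for b in B)]
    for b0 in uppers:
        if all(le(b0, u) for u in uppers):
            return b0
    return None


def infimum(B, A, le):
    """Greatest lower bound of B in (A, le), or None if absent.
    (1) c0 is a lower bound of B; (2) every other lower bound <= c0."""
    lowers = [a for a in A if all(le(a, b) for b in B)]
    for c0 in lowers:
        if all(le(l, c0) for l in lowers):
            return c0
    return None


# --- slide 10: power-set lattice, ordered by inclusion -----------------------
def powerset(S):
    s = sorted(S)
    return [frozenset(c) for r in range(len(s) + 1) for c in combinations(s, r)]


def subset(x, y):
    return x <= y            # frozenset inclusion


# --- slide 11: product lattice of BLP labels (classification, categories) ----
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]   # constructed
CATS = {"NUC", "EUR"}                                                # constructed


def label(level, *cats):
    return (level, frozenset(cats))


def dominates(l1, l2):
    """l1 dominates l2 iff its level is at least as high AND its categories
    include l2's: the componentwise (product) order of the two lattices."""
    return LEVELS.index(l1[0]) >= LEVELS.index(l2[0]) and l1[1] >= l2[1]


def label_le(x, y):          # x <= y in the label lattice means y dominates x
    return dominates(y, x)


def all_labels():
    return [(lvl, cats) for lvl in LEVELS for cats in powerset(CATS)]


def lub_label(a, b):
    """Closed form: highest level, union of categories."""
    lvl = max(a[0], b[0], key=LEVELS.index)
    return (lvl, a[1] | b[1])


def glb_label(a, b):
    """Closed form: lowest level, intersection of categories."""
    lvl = min(a[0], b[0], key=LEVELS.index)
    return (lvl, a[1] & b[1])


# --- slide 12: BLP rules ------------------------------------------------------
def can_read(subject, obj):
    """Simple security property (no read up): subject must dominate object."""
    return dominates(subject, obj)


def can_write(subject, obj):
    """*-property (no write down): object must dominate subject."""
    return dominates(obj, subject)


if __name__ == "__main__":
    P = powerset({"a", "b", "c"})
    print("lub({a},{b}) =", set(supremum([frozenset("a"), frozenset("b")], P, subset)))
    s, o = label("SECRET", "NUC"), label("CONFIDENTIAL", "NUC")
    print("SECRET/NUC reads CONFIDENTIAL/NUC:", can_read(s, o))
    print("SECRET/NUC writes CONFIDENTIAL/NUC:", can_write(s, o))
```

Reading the tests on slide 12 through the lattice makes the intent of the two rules visible: reads are allowed only downward in the lattice and writes only upward, so information can move from a label to one that dominates it but never the other way.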

  13. Cryptography • Major uses: • Confidentiality • Nonrepudiation • Authentication • Access Control • The major types: • Substitution • Symmetric • Asymmetric • RSA • Diffie Hellman
