
Chapter 5 Network Security



  1. Chapter 5 Network Security Chapter 5 – Designing Trusted Operating Systems

  2. In this section • What is a trusted system? • Security Policy • Military • Commercial • Clark-Wilson • Separation of Duty • Chinese Wall • Models • Lattice Model • Bell-La Padula • Biba • Graham-Denning • Take-Grant

  3. Designing Trusted OS • Primary security mechanisms in computing systems: • Memory protection • File protection • General object access control • User authentication • Trusted – we are confident that these services are provided consistently and effectively

  4. Making of a trusted OS • Policy – requirements statement of what the system should do • Model – model of the environment to be secured; represents the policy to be enforced • Design – the means of implementation; functionality and construction • Trust – assurance that the features offered meet the expectation set by the policy

  5. What is a trusted system? • What makes something secure? • For how long? • Trusted Software – rigorously developed and analyzed • Key Characteristics of Trusted Software: • Functional Correctness • Enforcement of Integrity • Limited Privilege • Appropriate Confidence Level • We speak in terms of trusted and not secure

  6. Many types of Trust: • Trusted Process • Trusted Product • Trusted Software • Trusted Computing Base • Trusted System • Through: • Enforcement of Security Policy • Sufficiency of Measures and Mechanism • Evaluation

  7. Security Policy • Security Policy – statement of the security we expect the system to enforce • A trusted system can be trusted only in relation to its security policy, that is, to the security needs the system is expected to satisfy

  8. Military Security Policy • Basis of many OS security policies • Based on protecting classified information • Top Secret (most sensitive), Secret, Confidential, Restricted, Unclassified (least sensitive) • Limited by the Need-to-Know rule: access is allowed only to subjects who need to know the data to perform their job • Compartments – a classification may be associated with one or more compartments (projects) describing the subject matter of the information

  9. Classification = <rank; compartments> • This enforces need-to-know both by security level and by topic • Clearance – a person is trusted to access information up to a given level of sensitivity, with need-to-know • Dominance, on a set of objects (o) and subjects (s): • s ≤ o if and only if rank(s) ≤ rank(o) and compartments(s) ⊆ compartments(o) • We say o dominates s (or s is dominated by o); two labels may be incomparable when the ranks order one way and the compartment sets the other • Dominance is used to limit the sensitivity and content of information a subject can access • A subject can read an object only if the subject's clearance dominates the object's classification, i.e. only if: • the clearance level of the subject is at least as high as the classification of the information • the subject has a need-to-know about all compartments for which the information is classified
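As an added example (not part of the slides), the <rank; compartments> label and the dominance relation from this slide in Python. The rank names are the five from slide 8; the subjects, objects and compartment names are constructed for illustration. The point it shows that the slide only states is that dominance is a partial order: two labels can be incomparable, so a higher rank alone does not grant read access.

```python
"""Added example (not from the slides): a security label <rank; compartments>
and the dominance relation.  Ranks follow slide 8; the labels at the bottom
are constructed sample data."""
from dataclasses import dataclass, field

# Least to most sensitive, as listed on slide 8.
RANKS = ["Unclassified", "Restricted", "Confidential", "Secret", "Top Secret"]


@dataclass(frozen=True)
class Label:
    rank: str
    compartments: frozenset = field(default_factory=frozenset)

    def __post_init__(self):
        if self.rank not in RANKS:
            raise ValueError(f"unknown rank {self.rank!r}")

    def dominates(self, other: "Label") -> bool:
        """self dominates other: rank at least as high AND every compartment
        of `other` also present in self (rank(other) <= rank(self) and
        compartments(other) is a subset of compartments(self))."""
        return (RANKS.index(self.rank) >= RANKS.index(other.rank)
                and other.compartments <= self.compartments)


def can_read(clearance: Label, classification: Label) -> bool:
    """Read rule from the slide: the subject's clearance must dominate the
    object's classification (level high enough AND need-to-know for every
    compartment)."""
    return clearance.dominates(classification)


def relation(a: Label, b: Label) -> str:
    """How two labels compare: 'equal', 'dominates' (a over b), 'dominated'
    (b over a) or 'incomparable' (neither dominates the other)."""
    ab, ba = a.dominates(b), b.dominates(a)
    if ab and ba:
        return "equal"
    if ab:
        return "dominates"
    if ba:
        return "dominated"
    return "incomparable"


# Constructed sample labels (names are hypothetical).
analyst = Label("Secret", frozenset({"crypto"}))           # clearance
plan = Label("Confidential", frozenset({"crypto"}))        # classification
budget = Label("Confidential", frozenset({"finance"}))     # classification

if __name__ == "__main__":
    print("analyst reads plan:", can_read(analyst, plan))      # True
    print("analyst reads budget:", can_read(analyst, budget))  # False: no need-to-know
    print("plan vs budget:", relation(plan, budget))           # incomparable
```

The analyst outranks both documents, yet the read of `budget` is refused because the `finance` compartment is not in the clearance; the two Confidential documents themselves are incomparable, which is what makes the label set a lattice rather than a simple chain of levels.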

  10. Commercial Security Policies • Worried about espionage • Degrees of sensitivity: • Public • Proprietary • Internal • No dominance function for most commercial policies, since no formal clearance is needed • Integrity and availability are just as, if not more, important than confidentiality

  11. Clark-Wilson Commercial Security Policy • This is based on Integrity • Policy on well-formed transactions • Sequence of activities • Performing steps in order, performing exactly the steps listed, and authentication of individuals in the steps (well-formed transactions) • Goal: maintain consistency between internal data and external (users’) expectation of data • Constrained data items which are processed by transformation procedures

  12. Separation of Duty • The required division of responsibilities is called separation of duty • Accomplished manually by means of dual signatures
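An added example (not from the slides) covering slides 11 and 12 together: a Clark-Wilson style check that a constrained data item is touched only through a well-formed transaction, run in the listed step order, with exactly the listed steps, by authenticated users, and with the dual-signature separation of duty from slide 12. The access triples, step template, session table and log events are all constructed for illustration.

```python
"""Added example (not from the slides): Clark-Wilson well-formed transaction
check with dual-signature separation of duty.  All names and data are
constructed sample values."""

# Access triples (user, transformation procedure, constrained data item):
# the only permitted way for a user to touch a CDI.  Constructed.
TRIPLES = {
    ("alice", "prepare_payment", "ledger"),
    ("bob", "approve_payment", "ledger"),
    ("carol", "approve_payment", "ledger"),
    ("dave", "post_payment", "ledger"),
}

# The well-formed transaction "pay_invoice": these steps, in this order.
# approve_payment appears twice because the policy requires two signatures.
STEPS = ["prepare_payment", "approve_payment", "approve_payment", "post_payment"]

# Users with an authenticated session (constructed session table).
AUTHENTICATED = {"alice", "bob", "carol", "dave"}


def check_transaction(log, cdi="ledger"):
    """log: list of (user, tp) events in the order they ran.
    Returns (ok, reason).  Every rule the slides state is checked:
    exactly the listed steps, in order, by authenticated users holding an
    access triple, with two different approvers, and with the preparer
    never among the approvers (separation of duty)."""
    if len(log) != len(STEPS):
        return False, "step count differs from the transaction template"
    approvers = set()
    for i, ((user, tp), expected) in enumerate(zip(log, STEPS)):
        if tp != expected:
            return False, f"step {i}: {tp} out of order (expected {expected})"
        if user not in AUTHENTICATED:
            return False, f"step {i}: {user} is not authenticated"
        if (user, tp, cdi) not in TRIPLES:
            return False, f"step {i}: no access triple ({user}, {tp}, {cdi})"
        if tp == "approve_payment":
            if user in approvers:
                return False, f"step {i}: {user} already signed; dual signature needs two people"
            approvers.add(user)
    preparer = log[0][0]
    if preparer in approvers:
        return False, "separation of duty: preparer also approved"
    return True, "well-formed"


if __name__ == "__main__":
    good = [("alice", "prepare_payment"), ("bob", "approve_payment"),
            ("carol", "approve_payment"), ("dave", "post_payment")]
    print(check_transaction(good))
    print(check_transaction([good[0], ("bob", "approve_payment"),
                             ("bob", "approve_payment"), good[3]]))
```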

  13. Chinese Wall Security Policy • Used in legal, medical, investment and accounting firms • Addresses conflict of interest • Security policy builds on three levels: • Objects – low level (individual files or records) • Company Groups – mid level (all objects belonging to one company) • Conflict Classes – high level: the company groups of competing companies are clustered into one conflict-of-interest class
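An added example (not from the slides) of the three-level structure on this slide, in the Brewer-Nash formulation of the Chinese Wall: a subject may read an object unless it has already read an object of a competing company in the same conflict class, and may write to a company's objects only while everything it has read belongs to that company. The company names, files and access history are constructed; sanitised public information, which the full model exempts, is not modelled.

```python
"""Added example (not from the slides): Chinese Wall access check.  Objects
belong to company datasets (the slide's company groups); company datasets are
clustered into conflict-of-interest classes.  All names are constructed."""

# conflict class -> company datasets that compete with each other
CONFLICT_CLASSES = {
    "banks": {"BankA", "BankB"},
    "oil": {"OilX", "OilY"},
}
# object -> company dataset it belongs to
COMPANY_OF = {
    "BankA_q3.pdf": "BankA",
    "BankB_audit.xls": "BankB",
    "OilX_merger.doc": "OilX",
    "OilY_notes.txt": "OilY",
}


def conflict_class_of(company):
    for cc, companies in CONFLICT_CLASSES.items():
        if company in companies:
            return cc
    raise KeyError(company)


class ChineseWall:
    """Tracks, per subject, which company datasets it has already read;
    the wall is raised by the subject's own history, not by a clearance."""

    def __init__(self):
        self.history = {}  # subject -> set of company datasets read

    def may_read(self, subject, obj):
        company = COMPANY_OF[obj]
        cc = conflict_class_of(company)
        for prior in self.history.get(subject, set()):
            # More of the same company is fine; a competitor in the same
            # conflict class is what the wall forbids.
            if prior != company and conflict_class_of(prior) == cc:
                return False
        return True

    def may_write(self, subject, obj):
        # Write rule: a subject may write to a company's object only if every
        # dataset it has read belongs to that company, otherwise data read from
        # one company could be copied into another company's files.
        company = COMPANY_OF[obj]
        return (self.may_read(subject, obj)
                and self.history.get(subject, set()) <= {company})

    def read(self, subject, obj):
        """Perform a read if allowed, recording it in the history."""
        if not self.may_read(subject, obj):
            return False
        self.history.setdefault(subject, set()).add(COMPANY_OF[obj])
        return True


if __name__ == "__main__":
    w = ChineseWall()
    print(w.read("ann", "BankA_q3.pdf"))     # True
    print(w.read("ann", "OilX_merger.doc"))  # True: different conflict class
    print(w.read("ann", "BankB_audit.xls"))  # False: competitor of BankA
    print(w.may_write("ann", "BankA_q3.pdf"))  # False: ann has also read OilX
```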

  14. Models of Security • Security Models are used to: • Test a particular policy for completeness and consistency • Document policy • Help conceptualize and design an implementation • Check whether an implementation meets its requirements • Policy is established outside any model • Model is only a mechanism that enforces the policy

  15. Multilevel Security • Build a model to represent a range of sensitivities and to reflect the need to separate subjects rigorously from objects to which they should not have access • The generalized model is called the Lattice Model of Security

  16. Bell-La Padula Confidentiality Model • Formal description of allowable paths of information flow in a secure system • Formalization of the military security policy • Two properties: • Simple Security Property – a subject s may have read access to object o only if C(o) ≤ C(s) • *-Property – a subject s who has read access to an object o may have write access to an object p only if C(o) ≤ C(p) • C(s) – clearance of the subject; C(o) – classification of the object • Write-down – a high-level subject transfers high-level data to a low-level object (prevented by the *-property)

  17. Figure 5-7  Secure Flow of Information.

  18. Biba Integrity Model • Bell-La Padula applies only to secrecy • Biba is about integrity and defines integrity levels • Properties: • Simple Integrity Property – subject s can modify (have write access to) object o only if I(s) ≥ I(o) • *-Property – if subject s has read access to object o with integrity level I(o), s can have write access to object p only if I(o) ≥ I(p) (integrity may only flow downward, never up) • Totally ignores secrecy
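An added example (not from the slides) that puts slides 16 and 18 side by side: one reference monitor enforcing the Bell-La Padula properties for secrecy and the Biba properties for integrity, exactly as the slides state them. Both *-properties depend on what the subject has already read, so the monitor tracks the objects each subject currently has open for reading. Levels are plain integers (higher means more sensitive, or more trustworthy) rather than the <rank; compartments> lattice, and the subjects, objects and levels are constructed.

```python
"""Added example (not from the slides): a reference monitor applying BLP
(secrecy) and Biba (integrity) together, with the *-properties evaluated
against the objects a subject currently has open for reading.  Names and
levels are constructed sample data."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Obj:
    name: str
    C: int  # classification (secrecy level)
    I: int  # integrity level


@dataclass
class Subject:
    name: str
    C: int  # clearance
    I: int  # integrity level
    reading: set = field(default_factory=set)  # objects open for read


class Monitor:
    def __init__(self, objects):
        self.objects = {o.name: o for o in objects}

    def open_read(self, s: Subject, oname: str) -> str:
        o = self.objects[oname]
        # BLP simple security: read only if C(o) <= C(s) (no read-up).
        if not o.C <= s.C:
            return "denied: BLP simple security (read-up)"
        # Biba as stated on slide 18 has no read rule; the read is recorded
        # so that later writes can be checked against it.
        s.reading.add(oname)
        return "ok"

    def close_read(self, s: Subject, oname: str) -> None:
        s.reading.discard(oname)

    def open_write(self, s: Subject, pname: str) -> str:
        p = self.objects[pname]
        # Biba simple integrity: modify p only if I(s) >= I(p).
        if not s.I >= p.I:
            return "denied: Biba simple integrity"
        for oname in sorted(s.reading):
            o = self.objects[oname]
            # BLP *-property: write to p only if C(o) <= C(p) for every o read.
            if not o.C <= p.C:
                return f"denied: BLP *-property (write-down from {oname})"
            # Biba *-property: write to p only if I(o) >= I(p) for every o read.
            if not o.I >= p.I:
                return f"denied: Biba *-property (tainted by {oname})"
        return "ok"


# Constructed sample system: untrusted public input, a secret plan, and a
# low-secrecy but high-integrity configuration file.
OBJECTS = [Obj("web_form_input", C=0, I=0),
           Obj("secret_plan", C=3, I=2),
           Obj("system_config", C=1, I=3)]


def demo():
    """Run a fixed sequence of requests; returns {description: decision}."""
    m = Monitor(OBJECTS)
    admin = Subject("admin", C=3, I=3)
    clerk = Subject("clerk", C=1, I=1)
    r = {}
    r["clerk reads secret_plan"] = m.open_read(clerk, "secret_plan")
    r["admin reads secret_plan"] = m.open_read(admin, "secret_plan")
    r["admin writes web_form_input"] = m.open_write(admin, "web_form_input")
    m.close_read(admin, "secret_plan")
    r["admin reads web_form_input"] = m.open_read(admin, "web_form_input")
    r["admin writes system_config"] = m.open_write(admin, "system_config")
    r["clerk writes system_config"] = m.open_write(clerk, "system_config")
    return r


if __name__ == "__main__":
    for what, decision in demo().items():
        print(f"{what:32s} -> {decision}")
```

The two models catch different things: the admin's write to the public form is refused by BLP because a Top Secret object is open for reading (write-down), while the admin's write to the configuration file is refused by Biba because untrusted input is open for reading, even though BLP alone would allow that write. Neither model alone refuses both.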

  19. Graham-Denning Model • Formal system of protection rules • Access control mechanism (matrix) of a protection system • Eight primitive protection rights (commands): • Create object, create subject, delete object and delete subject • Read access right • Grant access right • Delete access right • Transfer access right • Matrix: A[s,o] holds the rights subject s has over object o
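An added example (not from the slides) implementing the eight Graham-Denning commands over the matrix A[s,o]. It uses the model's two special rights, owner (held over an object by its creator) and control (held by a subject over itself), and a copy flag written as a trailing `*` on a right, which is what transfer requires. The subjects, objects and rights in the demonstration are constructed.

```python
"""Added example (not from the slides): the eight Graham-Denning commands on
an access matrix A[s, o].  'owner' and 'control' are the model's special
rights; a right ending in '*' carries the copy flag.  Names are constructed."""


class GrahamDenning:
    def __init__(self, first_subject):
        self.subjects = {first_subject}
        self.objects = {first_subject}        # every subject is also an object
        self.A = {(first_subject, first_subject): {"control"}}

    def rights(self, s, o):
        return self.A.setdefault((s, o), set())

    def _require(self, cond):
        if not cond:
            raise PermissionError("command not permitted by the access matrix")

    # 1. create object: the creator becomes its owner.
    def create_object(self, s, o):
        if o in self.objects:
            raise ValueError(f"{o} already exists")
        self.objects.add(o)
        self.rights(s, o).add("owner")

    # 2. create subject: creator owns it, the new subject controls itself.
    def create_subject(self, s, x):
        self.create_object(s, x)
        self.subjects.add(x)
        self.rights(x, x).add("control")

    # 3. delete object: only the owner may, and its matrix column vanishes.
    def delete_object(self, s, o):
        self._require("owner" in self.rights(s, o))
        self.objects.discard(o)
        self.subjects.discard(o)
        for key in [k for k in self.A if o in k]:
            del self.A[key]

    # 4. delete subject: same rule, applied to a subject.
    def delete_subject(self, s, x):
        if x not in self.subjects:
            raise KeyError(x)
        self.delete_object(s, x)

    # 5. read access right: s may inspect A[x, o] if s controls x or owns o.
    def read_access(self, s, x, o):
        self._require("control" in self.rights(s, x) or "owner" in self.rights(s, o))
        return set(self.rights(x, o))

    # 6. grant access right: the owner of o gives x a right (optionally r*).
    def grant_access(self, s, r, x, o):
        self._require("owner" in self.rights(s, o))
        self.rights(x, o).add(r)

    # 7. delete access right: s controls x or owns o.
    def delete_access(self, s, r, x, o):
        self._require("control" in self.rights(s, x) or "owner" in self.rights(s, o))
        self.rights(x, o).discard(r)

    # 8. transfer access right: s holding r* on o may pass r or r* to x.
    def transfer_access(self, s, r, x, o):
        self._require(r.rstrip("*") + "*" in self.rights(s, o))
        self.rights(x, o).add(r)


def denied(command, *args):
    """True if the matrix refuses the command (used in the demo and tests)."""
    try:
        command(*args)
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    gd = GrahamDenning("root")
    for name in ("alice", "bob", "carol"):
        gd.create_subject("root", name)
    gd.create_object("alice", "payroll")
    gd.grant_access("alice", "read*", "bob", "payroll")      # owner grants with copy flag
    gd.transfer_access("bob", "read", "carol", "payroll")     # bob passes it on
    print(gd.rights("carol", "payroll"))                      # {'read'}
    print(denied(gd.transfer_access, "carol", "read", "root", "payroll"))  # True: no copy flag
```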

  20. Take-Grant Systems • Four primitives: create, revoke, take and grant
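An added example (not from the slides): a take-grant protection graph with the four rules named on the slide. Nodes are subjects and objects, edges are labelled with rights, and `t` and `g` are the take and grant rights. Beyond the single-step rules, the example searches for a chain of take steps, which is what lets a right spread along a path of `t` edges; the node names and other rights are constructed.

```python
"""Added example (not from the slides): take-grant protection graph with
create, revoke, take and grant, plus a search for chains of takes.
Node names and rights other than 't' and 'g' are constructed."""
from collections import deque


class TakeGrant:
    def __init__(self):
        self.edges = {}  # (src, dst) -> set of rights src holds over dst

    def rights(self, a, b):
        return self.edges.setdefault((a, b), set())

    def create(self, s, new, rights):
        """s creates a new node and receives the given rights over it."""
        self.rights(s, new).update(rights)

    def revoke(self, s, o, rights):
        """s gives up some of its own rights over o (others keep theirs)."""
        self.rights(s, o).difference_update(rights)

    def take(self, s, x, y, rights):
        """s holds 't' on x, and x holds `rights` on y: s takes them on y."""
        if "t" not in self.rights(s, x):
            raise PermissionError(f"{s} has no take right on {x}")
        if rights - self.rights(x, y):
            raise PermissionError(f"{x} does not hold {rights} on {y}")
        self.rights(s, y).update(rights)

    def grant(self, s, x, y, rights):
        """s holds 'g' on x and `rights` on y: s grants them to x."""
        if "g" not in self.rights(s, x):
            raise PermissionError(f"{s} has no grant right on {x}")
        if rights - self.rights(s, y):
            raise PermissionError(f"{s} does not hold {rights} on {y}")
        self.rights(x, y).update(rights)

    def takeable(self, s, y, right):
        """Path s -t-> n1 -t-> ... -t-> nk along which s can take `right` on y
        (taking 't' on each next node, then `right` on y from nk), or None."""
        queue, seen = deque([[s]]), {s}
        while queue:
            path = queue.popleft()
            node = path[-1]
            if right in self.edges.get((node, y), set()):
                return path
            for (src, dst), rs in list(self.edges.items()):
                if src == node and "t" in rs and dst not in seen:
                    seen.add(dst)
                    queue.append(path + [dst])
        return None


def denied(command, *args):
    """True if the rule refuses the command (used in the demo and tests)."""
    try:
        command(*args)
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    tg = TakeGrant()
    tg.create("alice", "bob", {"t"})
    tg.create("bob", "dan", {"t"})
    tg.create("dan", "file", {"r", "w"})
    tg.create("alice", "carol", {"g"})
    print(tg.takeable("alice", "file", "r"))  # ['alice', 'bob', 'dan']
    tg.take("alice", "bob", "dan", {"t"})     # step 1 of that chain
    tg.take("alice", "dan", "file", {"r"})    # step 2
    tg.grant("alice", "carol", "file", {"r"})
    print(tg.rights("carol", "file"))         # {'r'}
```

Revocation in this basic model is local: after `alice` revokes her own `r` on `file`, `carol` still holds the copy she was granted, which is why later treatments of take-grant add an explicit analysis of which rights can ever be shared or stolen.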
